On Thu, Aug 28, 2014 at 1:53 PM, Aymeric Augustin < [email protected]> wrote:
> Le 28 août 2014 à 03:25, Tim Graham <[email protected]> a écrit : > > I am fine with putting it in core instead of contrib. That just means we > need to figure out what to do about settings since we cannot put them on an > AppConfig. Assuming we don't want to add them as normal settings, we may be > able to use the approach proposed on this mailing list for the CSRF > settings -- using attributes on the middleware class (PR > <https://github.com/django/django/pull/1995>). In that could work by > iterating through MIIDDLEWARE_CLASSES until it finds a subclass of > SecurityMiddleware and then check the attributes (settings) on that class. > I will look into this approach tomorrow. > > > As soon as we have something that is a global setting, I don't find it an > improvement to hide it in an object instead of keeping it in plain sight in > the settings. > > Having to subclass a middleware just to change the lifetime of the CSRF > cookie doesn't look like an improvement. > How many new settings are we talking about here? I know we've historically avoided adding new settings, but that's mostly as guidance to those proposing features where "and we'll add a setting to control when it takes effect". When we've actually *needed* a setting, we've never shied away from it. Personally - I don't see it as a problem to have a settings for the configuration of a specific behaviour (e.g., a timeout interval). It's when settings relate to behaviour switches or major configuration that I start to get twitchy :-) Russ %-) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAJxq849mxwkNpSviYX9Cq403vhvFMSYbd3o02OvPdYGq9WccDg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
