#27763: Docs: check invalid csrftoken on CSRF_FAILURE_VIEW
------------------------------------------------+------------------------
Reporter: Ramin Farajpour Cami | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
Hi,
`settings.CSRF_FAILURE_VIEW` always renders HTML when the client side
sends a request with an invalid `csrftoken:invalid` with `type:json`.
From https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_FAILURE_VIEW
{{{
def csrf_failure(request, reason=""):
    ...
    # render html page
}}}
While the request is `type:json`, the response is `type:html`. I think we
should point out this scenario in the Django docs.
Example:
{{{
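from django.http import HttpResponseForbidden
from django.shortcuts import render

def csrf_failure(request, reason=""):
    # is_ajax() tests for X-Requested-With: XMLHttpRequest (removed in Django 4.0)
    if request.is_ajax():
        return HttpResponseForbidden('',
                                     content_type='application/json',
                                     charset="utf-8")
    return render(...)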
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/27763>
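
An added example, not part of the ticket or of Django's own code: a `CSRF_FAILURE_VIEW` that keeps the 403 status but answers JSON clients with a valid JSON body and falls back to Django's default HTML view otherwise. The helper names `wants_json` and `json_csrf_body` and the JSON field names are assumptions made for illustration.

```python
import json


def wants_json(meta):
    """Decide from WSGI-style request.META whether the client expects JSON."""
    # The header that request.is_ajax() looked at.
    if meta.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest":
        return True
    # A JSON request body implies a client that parses JSON responses.
    content_type = meta.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
    if content_type == "application/json":
        return True
    # Media types listed in Accept, ignoring q-values and other parameters.
    accepted = [part.split(";")[0].strip().lower()
                for part in meta.get("HTTP_ACCEPT", "").split(",")]
    return any(t == "application/json" or t.endswith("+json") for t in accepted)


def json_csrf_body(reason, debug=False):
    """Valid JSON body; the detailed reason is included only when debug is on."""
    body = {"error": "csrf_failed", "detail": "CSRF verification failed."}
    if debug:
        body["reason"] = reason
    return json.dumps(body)


def csrf_failure(request, reason=""):
    """View for settings.CSRF_FAILURE_VIEW: JSON 403 for API clients, HTML otherwise."""
    # Django imports are local so the helpers above can be tested without Django.
    from django.conf import settings
    from django.http import HttpResponseForbidden
    from django.views.csrf import csrf_failure as default_csrf_failure

    if wants_json(request.META):
        return HttpResponseForbidden(json_csrf_body(reason, settings.DEBUG),
                                     content_type="application/json")
    return default_csrf_failure(request, reason=reason)
```
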