#27763: Docs: check invalid csrftoken on CSRF_FAILURE_VIEW
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour Cami       | Owner: nobody
Type: Cleanup/optimization           | Status: new
Component: Documentation             | Version: master
Severity: Normal                     | Resolution:
Keywords:                            | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Ramin Farajpour Cami):
**Every view might have special handling for AJAX requests.** Yes, or like
[https://docs.djangoproject.com/en/1.10/topics/auth/default/#the-login-required-decorator login_required].
I know about it, with passing the request directly to
`@login_required def anything():` and `request.user.is_authenticate()` for
AJAX, but `CSRF_FAILURE_VIEW` is a custom error handling security, maybe pass
AJAX request to send for many actions like `def requests(req):` etc.
if csrftoken is invalid. With this
[https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_FAILURE_VIEW docs]
the user defines a template for the view error of a missing `csrftoken` for an
AJAX or `form` request. Understanding how to handle AJAX with a missing
`csrftoken` is difficult for beginner users!!!!
**I'm not immediately convinced that documenting this possibility each
time adds much value** Again, you are right, but I've mentioned it above.
--
Ticket URL: <https://code.djangoproject.com/ticket/27763#comment:2>