#32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and
request.csrf_cookie_needs_reset can be combined
-------------------------------------+-------------------------------------
Reporter: Chris Jerdonek             | Owner: Chris Jerdonek
Type: Cleanup/optimization           | Status: assigned
Component: CSRF                      | Version: dev
Severity: Normal                     | Resolution:
Keywords:                            | Triage Stage: Accepted
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Chris Jerdonek):
> I do not have strong feelings on the request attr vs the META dict.
> Somehow META feels wrong, what is META supposed to be used for?

Thanks, Florian. One advantage `META` has over a custom attribute is that
its contents automatically get displayed in the debug view under "Request
information" (which isn't currently true for custom attributes). So
developers are able to see a snapshot of the CSRF "state" more easily when
an error occurs. This is what I was referring to in part when I said above
it's "more visible and easier to debug." Also, as long as we're using
`META` to store `CSRF_COOKIE`, I think it makes sense to store the related
values alongside. If we're considering moving `CSRF_COOKIE` out of there
at some point, it's another story. Finally, while the debug view and tools
could be updated to display certain custom attributes, it would create
more friction when changing the attributes because the tools would also
need to be updated.
--
Ticket URL: <https://code.djangoproject.com/ticket/32916#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.