#32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and
request.csrf_cookie_needs_reset can be combined
-------------------------------------+-------------------------------------
     Reporter:  Chris Jerdonek       |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization |                   Status:  assigned
    Component:  CSRF                 |                  Version:  dev
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Chris Jerdonek):

 > I do not have strong feelings on the request attr vs the META dict.
 > Somehow META feels wrong, what is META supposed to be used for?

 Thanks, Florian. One advantage `META` has over a custom attribute is that
 its contents automatically get displayed in the debug view under "Request
 information" (which isn't currently true for custom attributes). So
 developers are able to see a snapshot of the CSRF "state" more easily when
 an error occurs. This is what I was referring to in part when I said above
 it's "more visible and easier to debug." Also, as long as we're using
 `META` to store `CSRF_COOKIE`, I think it makes sense to store the related
 values alongside. If we're considering moving `CSRF_COOKIE` out of there
 at some point, it's another story. Finally, while the debug view and tools
 could be updated to display certain custom attributes, it would create
 more friction when changing the attributes because the tools would also
 need to be updated.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/32916#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
