#9977: CSRFMiddleware needs template tag
------------------------------------+---------------------------------------
Reporter: bthomas | Owner: nobody
Status: new | Milestone:
Component: Uncategorized | Version: 1.0
Resolution: | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
------------------------------------+---------------------------------------
Changes (by lukeplant):
* needs_better_patch: 0 => 1
* needs_docs: 0 => 1
Comment:
Thanks Bob.
One - the patch will produce invalid HTML if there is more than one form
on the page using the tag. This is due to the 'id' attribute -- it was
added to help AJAX which needs to get hold of the token somehow. This
should not be needed in most cases now (AJAX is automatically excluded),
but changing it will break existing apps that relied on the old
!CsrfMiddleware. So we need to keep it and work out how not to add it.
Two - the tag doesn't do the right thing in the case of there being no
session -- I would expect no output.
(There is still a lot to do in terms of docs, tests etc, and the other
things I list on the thread you mentioned, but this is a good start,
thanks).
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
