#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: nobody
Status: new | Milestone:
Component: Uncategorized | Version: 1.0
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by lukeplant):
The 'noid' solution isn't really practical -- because it is manual, it
means that templates for forms are not composable. Personally, I would
advocate removing the id attribute altogether. The only use case for it
is using the token in AJAX calls, but that shouldn't be necessary any
longer (see the CSRF documentation).

Removing the id attribute is slightly backwards incompatible, for the case
of JavaScript that was relying on the behaviour of CsrfMiddleware to
insert this attribute. However, it was never documented that the
CsrfMiddleware would do this, it was just a nice way to help AJAX apps to
get around the middleware. It's similar to the way that the admin
HTML/CSS has changed - those changes can easily break custom admin
templates or JavaScript that was layered on top of the admin, but that's
tough. People are going to have to manually change stuff anyway to use
the templatetag, so they should be aware of the change.
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:7>