#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: nobody
Status: new | Milestone:
Component: Uncategorized | Version: 1.0
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by bthomas):
Replying to [comment:7 lukeplant]:
> The 'noid' solution isn't really practical -- because it is manual, it
> means that templates for forms are not composable. Personally, I would
> advocate removing the id attribute altogether. The only use case for it
> is using the token in AJAX calls, but that shouldn't be necessary any
> longer (see the CSRF documentation).
>
> Removing the id attribute is slightly backwards incompatible, for the
> case of JavaScript that was relying on the behaviour of CsrfMiddleware to
> insert this attribute. However, it was never documented that the
> CsrfMiddleware would do this, it was just a nice way to help AJAX apps to
> get around the middleware. It's similar to the way that the admin
> HTML/CSS has changed - those changes can easily break custom admin
> templates or JavaScript that was layered on top of the admin, but that's
> tough. People are going to have to manually change stuff anyway to use
> the templatetag, so they should be aware of the change.
>
So, in your initial comment you said we needed to keep it and figure out a
way to not add it multiple times, and now you propose to remove it
entirely. I'd really like to help with this, but I am constantly confused
over what you think is the correct approach.
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:8>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.