#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
          Reporter:  bthomas                 |         Owner:  nobody
            Status:  new                     |     Milestone:        
         Component:  Uncategorized           |       Version:  1.0   
        Resolution:                          |      Keywords:  csrf  
             Stage:  Design decision needed  |     Has_patch:  1     
        Needs_docs:  1                       |   Needs_tests:  0     
Needs_better_patch:  1                       |  
---------------------------------------------+------------------------------
Comment (by bthomas):

 Replying to [comment:7 lukeplant]:
 > The 'noid' solution isn't really practical -- because it is manual, it
 means that templates for forms are not composable.  Personally, I would
 advocate removing the id attribute altogether.  The only use case for it
 is using the token in AJAX calls, but that shouldn't be necessary any
 longer (see the CSRF documentation).
 >
 > Removing the id attribute is slightly backwards incompatible, for the
 case of javascript that was relying on the behaviour of CsrfMiddleware to
 insert this attribute.  However, it was never documented that the
 CsrfMiddleware would do this, it was just a nice way to help AJAX apps to
 get around the middleware.  It's similar to the way that the admin
 HTML/CSS has changed - those changes can easily break custom admin
 templates or Javascript that was layered on top of the admin, but that's
 tough.  People are going to have to manually change stuff anyway to use
 the templatetag, so they should be aware of the change.
 >

 So, in your initial comment you said we needed to keep it and figure out a
 way to not add it multiple times, and now you propose to remove it
 entirely. I'd really like to help with this, but I am constantly confused
 over what you think is the correct approach.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:8>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to