#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: lukeplant
Status: assigned | Milestone:
Component: Uncategorized | Version: SVN
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by Glenn):
Glenn Maynard <[email protected]>.
I'll apply and test the patch soon, but I don't see any functional
problems on a read-through.
The "some way to get the CSRF token" is a little odd left as it is. I
suppose it should say something like this:
{{{
If you are using ``CsrfResponseMiddleware`` and your app creates HTML
pages and
forms in some unusual way, (e.g. it sends fragments of HTML in JavaScript
document.write statements) you might bypass the filter that adds the
hidden
field to the form. In this case, form submission will always fail, and
the
field must be added explicitly with the template tag or the
:meth:`~django.contrib.csrf.get_token` method.
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:26>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
