#9977: CSRFMiddleware needs template tag ---------------------------------------------+------------------------------ Reporter: bthomas | Owner: lukeplant Status: assigned | Milestone: Component: HTTP handling | Version: SVN Resolution: | Keywords: csrf Stage: Design decision needed | Has_patch: 1 Needs_docs: 1 | Needs_tests: 0 Needs_better_patch: 1 | ---------------------------------------------+------------------------------ Comment (by Glenn):
Refresh my memory: what's the point of _make_token() again? Why isn't the CSRF cookie equal to the CSRF token? I need this to fill in the CSRF form field from another part of a site I'm developing; it's written in PHP, so it doesn't have access to the Python helpers. I could copy over the secret key and hash it myself, but I can't remember any purpose to this hashing. I specifically remember discussing the advantages: so your own JS can add the CSRF token for generated forms, which is just another form of what I'm doing. I can't remember why we didn't do it--my guess is we just forgot. I've made this change locally and it's working well. -- Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:39> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---