#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: lukeplant
Status: assigned | Milestone: 1.2
Component: HTTP handling | Version: SVN
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Changes (by lukeplant):
* milestone: => 1.2
Comment:
Thanks Glenn.
I had already implemented some of this (in particular the
CSRF_COOKIE_DOMAIN setting) in my hg repository that I mentioned before:
http://bitbucket.org/spookylukey/django-trunk-lukeplant/
I've now merged in your changes. I kept the existing name of the CSRF
cookie ("csrf_token") rather than use "authid" which seemed a bit obscure.
If possible, 'hg bundles' or pull requests against that repo would be
preferred -- I'm using a repos since this patch is rather long-lived and I
want easy merges with trunk.
At some point I'll implement the remaining things on the CsrfProtection
page, but probably after it has been fully discussed, post the 1.1
release.
Note to other contributors: MOST RECENT PATCH IS NOT STORED ON THIS
TICKET, but in hg repository mentioned above.
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:42>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
