#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: lukeplant
Status: assigned | Milestone: 1.2
Component: HTTP handling | Version: SVN
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by lukeplant):

Hmm, not sure about that. It's a nice tweak, but:

 * it makes the tests fail, and the fix isn't entirely trivial.
 * if forms are created dynamically client side (e.g. by loading a bit of
   HTML via AJAX), they will fail since the cookie has not been set.

Also, renaming csrfmiddlewaretoken to csrftoken would be good, but it will
give upgrade problems, since it used to be called csrfmiddlewaretoken. At
the moment, upgrading will be seamless for users even if they loaded a
form before the upgrade and submitted it after, and it would be good to
keep that.

With regards to "authid", I just thought it was too generic. "authtoken"
might be better, but having "csrf" in it gives a big clue as to where it
has come from, and reduces the chance of clashes.

--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:45>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.