#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: lukeplant
Status: assigned | Milestone: 1.2
Component: HTTP handling | Version: SVN
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by Glenn):
Before someone else knocks me over the head with it, yeah, mod_cache is so
buggy it's useless (Vary: handling is totally broken). Time to look for a
better cache. The simpler fix for this seems to be Cache-control: no-
cache="set-cookie".
Not including the header is still better--cookies are, in fact, cachable
on a private cache, and the CSRF middleware obviously shouldn't blindly
add that header. So, I'd still like to get this cleaned up.
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:48>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
