#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
Reporter: bthomas | Owner: lukeplant
Status: assigned | Milestone: 1.2
Component: HTTP handling | Version: SVN
Resolution: | Keywords: csrf
Stage: Design decision needed | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
---------------------------------------------+------------------------------
Comment (by lukeplant):
I still don't like the hidden side effect of get_token(), but you
convinced me. I added your code and implemented the tests.
For testing this type of requirement we actually need
functional/integration tests, rather than (or in addition to) narrow unit
tests. I managed to write tests that passed, but overall it was still
broken — because the context processor was not lazy, get_token() was
called when {% csrf_token %} was not used.
Updated patch will be attached.
(BTW, that rationale for using something like Mercurial is that it makes
this kind of work much, ''much'' easier than Subversion + diffs.
Subversion completely fails here because: 1) it has very poor merge
support 2) we can't develop this kind of thing inside the main repository
anyway. Diffing diffs to work out what someone has changed is not much
fun, neither is updating the patch against trunk. With Mercurial,
updating your branch from trunk is one or two commands, and integrating
someone else's work is one command, and it doesn't get harder if lots of
people are working on it. But I understand if you don't want to learn to
use it).
--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:49>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
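
Added example (not part of the ticket, the patch, or Django's code): a stdlib-only model of the failure described in the comment above, where an eager context processor triggers get_token()'s side effect even when {% csrf_token %} is never rendered, and of the end-to-end check that catches it. FakeRequest, LazyToken, render and the csrf_cookie_used flag are hypothetical stand-ins.

```python
# Added illustration: a stdlib-only model, not Django's implementation.
# FakeRequest, get_token, LazyToken and render are hypothetical stand-ins.
import secrets


class FakeRequest:
    """Stand-in request; csrf_cookie_used models the hidden side effect."""
    def __init__(self):
        self.csrf_token = secrets.token_hex(16)
        self.csrf_cookie_used = False


def get_token(request):
    # Side effect: reading the token marks the response as needing the cookie.
    request.csrf_cookie_used = True
    return request.csrf_token


class LazyToken:
    """Defers get_token() until the value is actually converted to text."""
    def __init__(self, request):
        self._request = request

    def __str__(self):
        return get_token(self._request)


def eager_processor(request):
    return {"csrf_token": get_token(request)}  # runs on every render


def lazy_processor(request):
    return {"csrf_token": LazyToken(request)}  # runs only if rendered


def render(template, request, processor):
    """Tiny renderer: touches the token only when the tag is present."""
    context = processor(request)
    tag = "{% csrf_token %}"
    if tag in template:
        field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'
        template = template.replace(tag, field % context["csrf_token"])
    return template


def side_effect_after_render(template, processor):
    """Functional check: render end to end, then report the side effect."""
    request = FakeRequest()
    render(template, request, processor)
    return request.csrf_cookie_used
```

A unit test of the tag or of get_token() alone passes with either processor; only the end-to-end check on a template without the tag distinguishes them.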