#15501: CSRF middleware does not handle REST api application correctly
---------------------------+------------------------------------------------
Reporter: ksnabb | Owner: nobody
Status: new | Milestone:
Component: HTTP handling | Version: 1.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 |
---------------------------+------------------------------------------------
The CSRF middleware does not work if the application is a strict RESTful
API that returns JSON with GET requests and adds information with POST
requests. This problem came with the upgrade to Django version 1.2.5.
A solution would be to add 'application/json' and 'application/javascript'
to the types that should return a response with a csrftoken cookie.
---->
This is in the current CSRF middleware:

    _HTML_TYPES = ('text/html', 'application/xhtml+xml')

http://code.djangoproject.com/browser/django/trunk/django/middleware/csrf.py?rev=15623
I did not find any good workarounds or other documentation about this so I
report it here.
--
Ticket URL: <http://code.djangoproject.com/ticket/15501>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
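
The GET-then-POST flow described in this ticket, as an added example that is not part of the original ticket and is not Django's own code: a stand-alone double-submit check that issues the csrftoken cookie on a JSON response and validates the POST against an X-CSRFToken header. The function names and the sample exchange are constructed for illustration.

```python
import hmac
import secrets

COOKIE = 'csrftoken'          # cookie name mentioned in the ticket
HEADER = 'X-CSRFToken'        # header a script client echoes the token in
SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS', 'TRACE')


def issue_token(response_headers, cookies):
    """Set the token cookie on a response, whatever its Content-Type."""
    # Reuse the client's existing token so parallel requests stay valid.
    token = cookies.get(COOKIE) or secrets.token_hex(16)
    response_headers['Set-Cookie'] = '%s=%s; Path=/' % (COOKIE, token)
    return token


def check_request(method, cookies, headers):
    """Return (allowed, reason) for a double-submit cookie/header check."""
    if method in SAFE_METHODS:
        return True, 'safe method'
    cookie = cookies.get(COOKIE, '')
    sent = headers.get(HEADER, '')
    if not cookie:
        return False, 'no CSRF cookie'
    if not sent:
        return False, 'no CSRF header'
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(cookie.encode(), sent.encode()):
        return False, 'token mismatch'
    return True, 'token match'


def demo():
    """Constructed exchange: JSON GET sets the cookie, POST echoes it."""
    response = {'Content-Type': 'application/json'}
    token = issue_token(response, cookies={})
    jar = {COOKIE: token}
    return [
        check_request('POST', jar, {HEADER: token}),      # same-site script
        check_request('POST', jar, {}),                   # forged cross-site form
        check_request('POST', jar, {HEADER: 'guessed'}),  # wrong token
    ]


if __name__ == '__main__':
    for allowed, reason in demo():
        print(allowed, reason)
```

A cross-site page can make the browser attach the cookie but cannot read it, so it cannot supply the matching header; that is the property the check relies on.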