Author: lukeplant
Date: 2011-03-30 10:35:41 -0700 (Wed, 30 Mar 2011)
New Revision: 15956
Modified:
django/trunk/django/views/decorators/csrf.py
django/trunk/docs/internals/deprecation.txt
django/trunk/tests/regressiontests/csrf_tests/tests.py
Log:
Deprecated csrf_response_exempt and csrf_view_exempt decorators
With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no
purposes, and csrf_exempt and csrf_view_exempt perform the same function.
Modified: django/trunk/django/views/decorators/csrf.py
===================================================================
--- django/trunk/django/views/decorators/csrf.py 2011-03-30 17:35:32 UTC
(rev 15955)
+++ django/trunk/django/views/decorators/csrf.py 2011-03-30 17:35:41 UTC
(rev 15956)
@@ -1,3 +1,5 @@
+import warnings
+
from django.middleware.csrf import CsrfViewMiddleware
from django.utils.decorators import decorator_from_middleware, available_attrs
from functools import wraps
@@ -31,16 +33,23 @@
Modifies a view function so that its response is exempt
from the post-processing of the CSRF middleware.
"""
- def wrapped_view(*args, **kwargs):
- resp = view_func(*args, **kwargs)
- resp.csrf_exempt = True
- return resp
- return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
+ warnings.warn("csrf_response_exempt is deprecated. It no longer performs a
"
+ "function, and calls to it can be removed.",
+ PendingDeprecationWarning)
+ return view_func
def csrf_view_exempt(view_func):
"""
Marks a view function as being exempt from CSRF view protection.
"""
+ warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.",
+ PendingDeprecationWarning)
+ return csrf_exempt(view_func)
+
+def csrf_exempt(view_func):
+ """
+ Marks a view function as being exempt from the CSRF view protection.
+ """
# We could just do view_func.csrf_exempt = True, but decorators
# are nicer if they don't have side-effects, so we return a new
# function.
@@ -48,13 +57,3 @@
return view_func(*args, **kwargs)
wrapped_view.csrf_exempt = True
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
-
-def csrf_exempt(view_func):
- """
- Marks a view function as being exempt from the CSRF checks
- and post processing.
-
- This is the same as using both the csrf_view_exempt and
- csrf_response_exempt decorators.
- """
- return csrf_response_exempt(csrf_view_exempt(view_func))
Modified: django/trunk/docs/internals/deprecation.txt
===================================================================
--- django/trunk/docs/internals/deprecation.txt 2011-03-30 17:35:32 UTC (rev
15955)
+++ django/trunk/docs/internals/deprecation.txt 2011-03-30 17:35:41 UTC (rev
15956)
@@ -179,6 +179,13 @@
have been deprecated since the 1.4 release. The native versions
should be used instead.
+ * The :func:`~django.views.decorators.csrf.csrf_response_exempt` and
+ :func:`~django.views.decorators.csrf.csrf_view_exempt` decorators
will
+ be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
+ returns the same function), and ``csrf_view_exempt`` has been a
+ synonym for ``django.views.decorators.csrf.csrf_exempt``, which
should
+ be used to replace it.
+
* 2.0
* ``django.views.defaults.shortcut()``. This function has been moved
to ``django.contrib.contenttypes.views.shortcut()`` as part of the
Modified: django/trunk/tests/regressiontests/csrf_tests/tests.py
===================================================================
--- django/trunk/tests/regressiontests/csrf_tests/tests.py 2011-03-30
17:35:32 UTC (rev 15955)
+++ django/trunk/tests/regressiontests/csrf_tests/tests.py 2011-03-30
17:35:41 UTC (rev 15956)
@@ -4,7 +4,7 @@
from django.test import TestCase
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware
-from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt,
requires_csrf_token
+from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
from django.core.context_processors import csrf
from django.conf import settings
from django.template import RequestContext, Template
@@ -200,10 +200,10 @@
def test_get_token_for_exempt_view(self):
"""
- Check that get_token still works for a view decorated with
'csrf_view_exempt'.
+ Check that get_token still works for a view decorated with
'csrf_exempt'.
"""
req = self._get_GET_csrf_cookie_request()
- CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view),
(), {})
+ CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {})
resp = token_view(req)
self._check_token_present(resp)
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
