#15008: Convert admin views to use TemplateResponse
-------------------------------------+-------------------------------------
Reporter: acdha | Owner: acdha
Type: Cleanup/optimization | Status: closed
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: fixed | Keywords: templateresponse
Triage Stage: Accepted | Has patch: 1
Needs documentation: 1 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
-------------------------------------+-------------------------------------
Comment (by lukeplant):
I'm about to fix #16004, and I've realised this will render [16087]
almost completely useless, because `csrf_protect` is applied to all or
almost all the views affected here, and the fix will make all those views
render the respective `TemplateResponse` objects, so they can no longer be
customised. This is a necessary fix to make the admin CSRF protection (and
any other CSRF protection) work in the absence of `CsrfViewMiddleware` -
otherwise you'll get 403 errors. (I'm actually experiencing this in my
tests for one project. The tests use Twill, and so do more realistic
testing than any of Django's built-in tests.)

I should note that with my fix, none of the existing tests actually fail,
because they don't test at what point the `TemplateResponse` is rendered.

So, what to do? #16004 is a bug, and it's a serious one that ought to have
been fixed in 1.3. This ticket is a feature that has been added since 1.3.
That means it loses, as far as I can see. I brought this issue up here:

http://groups.google.com/group/django-developers/browse_thread/thread/f96e982254fbe5c3?pli=1

Can the relevant people please respond to this thread? Otherwise I will
have to go ahead and fix #16004. Then the only sensible thing would be to
revert [16087].
--
Ticket URL: <https://code.djangoproject.com/ticket/15008#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
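
The ordering conflict described in the comment above, as an added example that is not Django's code and not part of the original message. It is a simplified pure-Python model: `LazyTemplateResponse`, this `csrf_protect` and `run` are hypothetical stand-ins, the request is a plain dict, and the model assumes the CSRF cookie is only sent when the token was read while the template rendered.

```python
# Simplified model (not Django source): a decorator-style CSRF check sets the
# cookie only if the token was read while the response was being produced.

class LazyTemplateResponse:
    """Stand-in for TemplateResponse: the template runs only on render()."""
    def __init__(self, request, context):
        self.request, self.context = request, dict(context)
        self.content, self.cookies = None, {}

    def render(self):
        if self.content is None:
            # A {% csrf_token %} tag reads the token at render time.
            self.request["CSRF_COOKIE_USED"] = True
            token = self.request["CSRF_COOKIE"]
            self.content = f"<form>{self.context['title']}:{token}</form>"
        return self


def csrf_protect(view, force_render):
    """Hypothetical decorator modelling per-view CSRF protection."""
    def wrapped(request):
        request["CSRF_COOKIE"] = "constructed-token"  # constructed sample value
        response = view(request)
        if force_render:
            response.render()  # the #16004-style fix: render before checking
        if request.get("CSRF_COOKIE_USED"):
            response.cookies["csrftoken"] = request["CSRF_COOKIE"]
        return response
    return wrapped


def admin_view(request):
    return LazyTemplateResponse(request, {"title": "Change user"})


def run(force_render):
    """Return (cookie_was_set, outer_customisation_took_effect)."""
    response = csrf_protect(admin_view, force_render)({})
    response.context["title"] = "Customised"  # what #15008 wanted to allow
    response.render()  # the handler renders anything still unrendered
    return ("csrftoken" in response.cookies, "Customised" in response.content)
```

Without the forced render the form carries a token but no cookie is sent, so the following POST is rejected; with it the cookie is sent but the later context change has no effect.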