Author: carljm
Date: 2011-06-10 09:19:56 -0700 (Fri, 10 Jun 2011)
New Revision: 16362
Modified:
django/branches/releases/1.3.X/docs/ref/contrib/csrf.txt
Log:
[1.3.X] Refs #15855 -- Recommended the csrf_protect decorator rather than
vary_on_cookie as workaround for cache_page caching the response before it gets
to middleware.
Backport of r16361 from trunk.
Modified: django/branches/releases/1.3.X/docs/ref/contrib/csrf.txt
===================================================================
--- django/branches/releases/1.3.X/docs/ref/contrib/csrf.txt 2011-06-10
16:18:40 UTC (rev 16361)
+++ django/branches/releases/1.3.X/docs/ref/contrib/csrf.txt 2011-06-10
16:19:56 UTC (rev 16362)
@@ -408,15 +408,16 @@
all other middleware).
However, if you use cache decorators on individual views, the CSRF middleware
-will not yet have been able to set the Vary header. In this case, on any views
-that will require a CSRF token to be inserted you should use the
-:func:`django.views.decorators.vary.vary_on_cookie` decorator first::
+will not yet have been able to set the Vary header or the CSRF cookie, and the
+response will be cached without either one. In this case, on any views that
+will require a CSRF token to be inserted you should use the
+:func:`django.views.decorators.csrf.csrf_protect` decorator first::
from django.views.decorators.cache import cache_page
- from django.views.decorators.vary import vary_on_cookie
+ from django.views.decorators.csrf import csrf_protect
@cache_page(60 * 15)
- @vary_on_cookie
+ @csrf_protect
def my_view(request):
# ...
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
