Seems to only be a problem when my over-ridden view function calls
down to the base class view implementation. And indeed an excessive
exercise in copy-and-pasting fixes it.
It would be nice if there was a clean simple way to turn CSRF off in
sub-classed
admin sites. E.g:
class MyAdminSite(AdminSite):
csrf_protection = False
I guess I'll open a ticket for it.
Paul.
On May 18, 10:47 am, Spaceman Paul <[email protected]> wrote:
> Hi, I just upgraded to Django 1.2 and am having some problems.
>
> My project contains several customised django.contrib.admin sites that
> offer highly stripped down subsets of admin functionality. These
> customised sites do not use authentication and are expected to be
> POSTed to both by users and by external applications. This new cross-
> site request forgery protection magic therefore severely gets in the
> way.
>
> Is there a quick/simple way to turn CSRF protection off for these
> AdminSite subclasses? I've tried decorating my (already over-ridden
> views) with "csrf_exempt" and am already over-riding the templates
> with ones that don't have a {% csrf_token %} tag, but I'm still
> getting CSRF 403 errors.
>
> Regards,
>
> Paul.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group
> athttp://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
