On Wed, 2011-04-06 at 12:28 -0300, Guilherme Salgado wrote: > Signed-off-by: Guilherme Salgado <[email protected]> > --- > apps/settings.py | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/apps/settings.py b/apps/settings.py > index 68837b3..10813d4 100644 > --- a/apps/settings.py > +++ b/apps/settings.py > @@ -63,6 +63,9 @@ MIDDLEWARE_CLASSES = ( > 'django.contrib.auth.middleware.AuthenticationMiddleware', > 'django.middleware.doc.XViewMiddleware', > 'django.middleware.csrf.CsrfViewMiddleware', > + # If using Django 1.1, instead of the line above you'll need: > + # 'django.contrib.csrf.CsrfViewMiddleware', > + # 'django.contrib.csrf.CsrfResponseMiddleware',
In fact, this should've been 'django.contrib.csrf.middleware.Csrf...', but although it should be enough to provide CSRF protection on Django 1.1 it doesn't seem to be enough to make Patchwork run on top of Django 1.1 because the templates use the 'csrf_token' tag, which is not available in 1.1. Maybe we should just update the docs to state that 1.2 or later is required? -- Guilherme Salgado <https://launchpad.net/~salgado>
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Patchwork mailing list [email protected] https://lists.ozlabs.org/listinfo/patchwork
