Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default

From: Marti Raudsepp <marti(at)juffo(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-www <pgsql-www(at)postgresql(dot)org>
Subject: Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default
Date: 2012-10-31 17:44:46
Message-ID: CABRT9RDPa2evS_FxcK-knTcXDaSwx0dFY2iZecunXoc26XQPSA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-www

On Wed, Oct 31, 2012 at 7:29 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> The diff appears to be reversed. But that's easy enough to deal with during
> commit.

No, it's not reversed. I'm removing the explicit @csrf_protect
decorators because all views are now protected by default.

> Have you verified that it works with django 1.2 as well? The production
> deployment is on that quite old version still...

Yeah, I developed and tested this on Django 1.2

Regards,
Marti

In response to

Responses

Browse pgsql-www by date

  From Date Subject
Next Message Josh Berkus 2012-10-31 17:51:32 Re: Search points to ancient manuals
Previous Message Magnus Hagander 2012-10-31 17:29:52 Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default