diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2010-02-04 21:47:19 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2010-02-04 21:47:19 +0000 |
| commit | def34da85c22fecc03bf9d640c54664231a219f6 (patch) | |
| tree | 2b3cdd13ef87f0c66f0de9b4255d5d049efb864a | |
| parent | 96a10094e8e7095e1c818231031d7bcbf9dac95a (diff) | |
Fixed #12358 - csrf_token template tag does not work with flatpages.
Thanks to phretor for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/flatpages/views.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py index 37d12c93a3..336600328d 100644 --- a/django/contrib/flatpages/views.py +++ b/django/contrib/flatpages/views.py @@ -5,9 +5,15 @@ from django.http import HttpResponse, HttpResponseRedirect from django.conf import settings from django.core.xheaders import populate_xheaders from django.utils.safestring import mark_safe +from django.views.decorators.csrf import csrf_protect DEFAULT_TEMPLATE = 'flatpages/default.html' +# This view is called from FlatpageFallbackMiddleware.process_response +# when a 404 is raised, which often means CsrfViewMiddleware.process_view +# has not been called even if CsrfViewMiddleware is installed. So we need +# to use @csrf_protect, in case the template needs {% csrf_token %}. +@csrf_protect def flatpage(request, url): """ Flat page view. |
