diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2010-09-29 17:34:26 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2010-09-29 17:34:26 +0000 |
| commit | ed1aa807e22c8c76fd7885153d23544061a2f2ee (patch) | |
| tree | f14e7317866b8ab039a5fcef69d59ab970fd85b5 | |
| parent | f27d85b8f4fa16f0d98d4dd56a6a77575ac0e952 (diff) | |
[1.2.X] Fixed #14182 - documented how to modify upload handlers when using CsrfViewMiddleware
Thanks to dc for the report.
Backport of [13960] from trunk
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@13961 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | docs/topics/http/file-uploads.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt index 6b0a4d5722..c505cac7ee 100644 --- a/docs/topics/http/file-uploads.txt +++ b/docs/topics/http/file-uploads.txt @@ -270,6 +270,30 @@ list:: Thus, you should always modify uploading handlers as early in your view as possible. + Also, ``request.POST`` is accessed by + :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by + default. This means you will probably need to use + :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you + to change the upload handlers. Assuming you do need CSRF protection, you + will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on + the function that actually processes the request. Note that this means that + the handlers may start receiving the file upload before the CSRF checks have + been done. Example code: + + .. code-block:: python + + from django.views.decorators.csrf import csrf_exempt, csrf_protect + + @csrf_exempt + def upload_file_view(request): + request.upload_handlers.insert(0, ProgressBarUploadHandler()) + return _upload_file_view(request) + + @csrf_protect + def _upload_file_view(request): + ... # Process request + + Writing custom upload handlers ------------------------------ |
