diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2009-10-30 00:17:29 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2009-10-30 00:17:29 +0000 |
| commit | 5a0aab41ee4de9e465164d3fbba9336c1fefa5ec (patch) | |
| tree | cd70fa86d4eb3c50b51f5527160afc8dea63f3de /docs/ref | |
| parent | 96658ef2d24bd05c75aa98c5318d49f7e26549e7 (diff) | |
Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware. This requires that 'csrf_response_exempt' is not
used for the admin views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 0cbe59907c..126df83676 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -178,7 +178,9 @@ Note that contrib apps, such as the admin, have been updated to use the customised templates to any of the view functions of contrib apps (whether explicitly via a keyword argument, or by overriding built-in templates), **you MUST update them** to include the ``csrf_token`` template tag as described -above, or they will stop working. +above, or they will stop working. (If you cannot update these templates for +some reason, you will be forced to use ``CsrfResponseMiddleware`` for these +views to continue working). Assuming you have followed the above, all views in your Django site will now be protected by the ``CsrfViewMiddleware``. Contrib apps meet the requirements |
