diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2009-10-27 21:27:09 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2009-10-27 21:27:09 +0000 |
| commit | 43c2ed0eb3f9996539f03e4ad68a08534023659a (patch) | |
| tree | 13b675a91c9e4be1ed753b5deed650db259801c7 /docs | |
| parent | 4281bf3db058ed9ed860dd2f33a3de22d34dfa5f (diff) | |
Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag.
The {% csrf_token %} tag is unable to get its value if a template is
rendered using an inclusion_tag, since that creates a brand new Context,
rather than using the existing one. Since this is a common pattern, and we
need CSRF protection to be as simple and easy as possible, we special case
the csrf_token and copy it from the parent context to the new context.
A more elegant and general solution may appear in future, but this is good
enough for now.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions
