summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2010-09-29 16:35:34 +0000
committerLuke Plant <L.Plant.98@cantab.net>2010-09-29 16:35:34 +0000
commit89ea98ca5666c0d42b3ab77fcc48f9636dde88f1 (patch)
tree36855499283eb175bf7d3c81219c0d6a5c274800 /docs
parente2f55fbde66a5e50a0a8982c6fe399275ad8f617 (diff)
Fixed #14182 - documented how to modify upload handlers when using CsrfViewMiddleware
Thanks to dc for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13960 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/http/file-uploads.txt24
1 files changed, 24 insertions, 0 deletions
diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt
index 6b0a4d5722..c505cac7ee 100644
--- a/docs/topics/http/file-uploads.txt
+++ b/docs/topics/http/file-uploads.txt
@@ -270,6 +270,30 @@ list::
Thus, you should always modify uploading handlers as early in your view as
possible.
+ Also, ``request.POST`` is accessed by
+ :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
+ default. This means you will probably need to use
+ :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
+ to change the upload handlers. Assuming you do need CSRF protection, you
+ will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
+ the function that actually processes the request. Note that this means that
+ the handlers may start receiving the file upload before the CSRF checks have
+ been done. Example code:
+
+ .. code-block:: python
+
+ from django.views.decorators.csrf import csrf_exempt, csrf_protect
+
+ @csrf_exempt
+ def upload_file_view(request):
+ request.upload_handlers.insert(0, ProgressBarUploadHandler())
+ return _upload_file_view(request)
+
+ @csrf_protect
+ def _upload_file_view(request):
+ ... # Process request
+
+
Writing custom upload handlers
------------------------------