diff options
| author | Timo Graham <timograham@gmail.com> | 2011-08-06 20:34:04 +0000 |
|---|---|---|
| committer | Timo Graham <timograham@gmail.com> | 2011-08-06 20:34:04 +0000 |
| commit | e3c89346d217fca92b62a6d11df6b4b6d5be28a2 (patch) | |
| tree | 6bd60e966b41a16378fbe8935988c18a045dcf3d /docs | |
| parent | 0350d65fa493230c8be7bfe8a79bc5ac1a6c7aba (diff) | |
Fixed #16430 - Stronger wording for CSRF protection in `modifying upload handlers on the fly`; thanks tomchristie.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/topics/http/file-uploads.txt | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt index 532695334a..b845772e97 100644 --- a/docs/topics/http/file-uploads.txt +++ b/docs/topics/http/file-uploads.txt @@ -278,13 +278,13 @@ list:: Also, ``request.POST`` is accessed by :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by - default. This means you will probably need to use + default. This means you will need to use :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you - to change the upload handlers. Assuming you do need CSRF protection, you - will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on - the function that actually processes the request. Note that this means that - the handlers may start receiving the file upload before the CSRF checks have - been done. Example code: + to change the upload handlers. You will then need to use + :func:`~django.views.decorators.csrf.csrf_protect` on the function that + actually processes the request. Note that this means that the handlers may + start receiving the file upload before the CSRF checks have been done. + Example code: .. code-block:: python |
