summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/admin/sites.py4
-rw-r--r--docs/ref/contrib/csrf.txt4
2 files changed, 5 insertions, 3 deletions
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index 33126999c8..52ef57370d 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -3,7 +3,7 @@ from django import http, template
from django.contrib.admin import ModelAdmin
from django.contrib.admin import actions
from django.contrib.auth import authenticate, login
-from django.views.decorators.csrf import csrf_protect, csrf_response_exempt
+from django.views.decorators.csrf import csrf_protect
from django.db.models.base import ModelBase
from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
@@ -189,7 +189,7 @@ class AdminSite(object):
inner = never_cache(inner)
# We add csrf_protect here so this function can be used as a utility
# function for any view, without having to repeat 'csrf_protect'.
- inner = csrf_response_exempt(csrf_protect(inner))
+ inner = csrf_protect(inner)
return update_wrapper(inner, view)
def get_urls(self):
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 0cbe59907c..126df83676 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -178,7 +178,9 @@ Note that contrib apps, such as the admin, have been updated to use the
customised templates to any of the view functions of contrib apps (whether
explicitly via a keyword argument, or by overriding built-in templates), **you
MUST update them** to include the ``csrf_token`` template tag as described
-above, or they will stop working.
+above, or they will stop working. (If you cannot update these templates for
+some reason, you will be forced to use ``CsrfResponseMiddleware`` for these
+views to continue working).
Assuming you have followed the above, all views in your Django site will now be
protected by the ``CsrfViewMiddleware``. Contrib apps meet the requirements