diff options
| author | Timo Graham <timograham@gmail.com> | 2011-08-06 20:34:19 +0000 |
|---|---|---|
| committer | Timo Graham <timograham@gmail.com> | 2011-08-06 20:34:19 +0000 |
| commit | 3e5fc7ebb1ebbaa2d6815b8e5b98d8c845012bca (patch) | |
| tree | 65ee3a6ff1a8daf26661aebeaca88952ede8fa26 | |
| parent | 199f10f9c09c5e5073c2e3a3a03f4a66d5c36855 (diff) | |
[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in `modifying upload handlers on the fly`; thanks tomchristie.
Backport of r16588 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | docs/topics/http/file-uploads.txt | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt index 532695334a..b845772e97 100644 --- a/docs/topics/http/file-uploads.txt +++ b/docs/topics/http/file-uploads.txt @@ -278,13 +278,13 @@ list:: Also, ``request.POST`` is accessed by :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by - default. This means you will probably need to use + default. This means you will need to use :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you - to change the upload handlers. Assuming you do need CSRF protection, you - will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on - the function that actually processes the request. Note that this means that - the handlers may start receiving the file upload before the CSRF checks have - been done. Example code: + to change the upload handlers. You will then need to use + :func:`~django.views.decorators.csrf.csrf_protect` on the function that + actually processes the request. Note that this means that the handlers may + start receiving the file upload before the CSRF checks have been done. + Example code: .. code-block:: python |