On Nov 10, 2007 8:58 PM, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote:
> Yeah, I'm not really sure what I mean, design-wise. I feel a little > uncomfortable about requiring the csrf key all the time in form > submissions, but I can't pin down why yet. As a consequence of that, the > middleware doesn't quite do the trick for me, because it's always on > (you can't say "don't touch this form, I'm handling it manually"). I think the use case for when you don't want CSRF protection is when you are trying to encourage someone to send you POSTS. Think a "google search engine form" on your own home page where you are implementing the "google" part or perhaps a piece of software that posts to home regarding an error condition. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---