On Thu, Apr 17, 2008 at 11:00 AM, Jacob Kaplan-Moss <[EMAIL PROTECTED]> wrote: > > On Thu, Apr 17, 2008 at 10:08 AM, mrts <[EMAIL PROTECTED]> wrote: > > This is cumbersome and error-prone, thus I propose that a SecureForm > > or CSRFSecureForm be added to newforms that would automate the steps > > given above (like CsrfMiddleware does). > > Agreed -- I was just talking with Simon the other day about adding a > SecureForm to django.contrib.csrf, and perhaps even de-emphasizing the > middleware (which is a bit scary, frankly) in favor of the more > explicit form. > > Jacob
Middleware is easy to set and forget. Is there a reason not to make SecureForm the default, and InsecureForm for people using Ajax? ;-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---