When TemplateResponse and process_template_response were introduced,
decorator_from_middleware was not updated to match. This produces at
least this problem:

The csrf_protect decorator, which is just
decorator_from_middleware(CsrfViewMiddleware), does not work correctly
on its own. Because the template isn't rendered until after the
decorator has fully run, get_token() is not called before
CsrfViewMiddleware.process_response, which means the latter does not
realise it has to send the cookie, and doesn't do so.

An example view which demonstrates the problem is the login view, which
now uses TemplateResponse (since April 22nd - had it been earlier, I
would have found this sooner).

I imagine there are others, especially with caching decorators, but I'm
surprised this hasn't been caught earlier.

However, I also imagine there will be problems if we change this, or at
least we could end up removing some of the usefulness of
TemplateResponse, since any decorator based on decorator_from_middleware
will cause the template to be rendered.

I've written a patch (attached), and running the test suite with it
produces no errors, but I'm still a bit nervous about it. Any input
would be appreciated.

Regards,

Luke


-- 
Parenthetical remarks (however relevant) are unnecessary

Luke Plant || http://lukeplant.me.uk/
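The ordering problem described in this message, as an added example that is not part of the original post or Django's code. Every class and function below is a simplified stand-in (assumption) that models only the order of calls: a lazily rendered response, a middleware that sends its cookie only if get_token() has already run, and a decorator wrapper with and without the early render() the patch adds.

```python
# Simplified stand-ins (assumptions), not Django's classes.

class Request:
    def __init__(self):
        self.meta = {}


def get_token(request):
    # Models get_token(): records that the token was used.
    request.meta["CSRF_COOKIE_USED"] = True
    return "constructed-token"


class LazyResponse:
    """Stand-in for TemplateResponse: the template runs only in render()."""

    def __init__(self, request):
        self.request = request
        self.cookies = {}
        self.content = None

    def render(self):
        if self.content is None:
            self.content = "<input name='csrf' value='%s'>" % get_token(self.request)
        return self


class CsrfLikeMiddleware:
    """Sends the cookie only if get_token() ran before process_response."""

    def process_response(self, request, response):
        if request.meta.get("CSRF_COOKIE_USED"):
            response.cookies["csrftoken"] = "constructed-token"
        return response


def decorator_from_middleware_model(middleware, render_first):
    def decorator(view):
        def wrapped(request):
            response = view(request)
            if render_first and callable(getattr(response, "render", None)):
                response.render()  # the ordering the patch introduces
            return middleware.process_response(request, response)
        return wrapped
    return decorator


def run(render_first):
    view = decorator_from_middleware_model(CsrfLikeMiddleware(), render_first)(LazyResponse)
    response = view(Request()).render()  # the handler renders late in either case
    return "csrftoken" in response.cookies, "csrf" in response.content
```

With `render_first=False` the page carries a token field but no cookie is set, so the form's next POST has nothing to validate against.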


diff -r 0723c5fc388e django/utils/decorators.py
--- a/django/utils/decorators.py	Sat May 07 17:05:06 2011 +0000
+++ b/django/utils/decorators.py	Wed May 11 01:33:51 2011 +0100
@@ -95,6 +95,10 @@
                         if result is not None:
                             return result
                     raise
+                if hasattr(response, 'render') and callable(response.render):
+                    if hasattr(middleware, 'process_template_response'):
+                        response = middleware.process_template_response(request, response)
+                    response.render()
                 if hasattr(middleware, 'process_response'):
                     result = middleware.process_response(request, response)
                     if result is not None:
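Review bot: the result of middleware.process_template_response(request, response) is assigned straight to response on the third added line, while the process_response call directly below guards its result with "if result is not None"; a middleware whose hook returns None would make the following response.render() raise AttributeError. Consider the same result/None guard here. Separately, response.render() runs unconditionally for any response with a callable render, so every decorator built by decorator_from_middleware now forces rendering inside the decorator; that deserves a comment at this spot and a regression test showing that a TemplateResponse view wrapped by csrf_protect sets the cookie.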
