#10816: CsrfMiddleware false positive after session.flush()
-----------------------------------+----------------------------------------
          Reporter:  Glenn         |        Owner:  lukeplant
            Status:  new           |    Milestone:
         Component:  Contrib apps  |      Version:  SVN
        Resolution:                |     Keywords:  csrf sessions
             Stage:  Unreviewed    |    Has_patch:  1
        Needs_docs:  0             |  Needs_tests:  0
Needs_better_patch:  0             |
-----------------------------------+----------------------------------------
Changes (by lukeplant):
  * owner:  nobody => lukeplant

Comment:

 Thanks for that Glenn, looks very good at a first glance.

 Ticket #9977 is really doing just one thing - replacing the post-processing with a template tag. There are edge cases and backwards compatibility issues and so on that it deals with, and some small refactoring in the tests to support it, but I don't think it is doing too much at once. Oh yeah, it also adds a mechanism for a custom view to be called if the mechanism is triggered.

 My vote is to merge this patch with #9977 after Django 1.1 is out. Post-processing the response is really nasty, and hardly any of the core devs are happy with the middleware being enabled by default if it is still doing post-processing. Although this complicates the docs a little bit, I think it is much better than changing the middleware twice.

 I'm happy to do that merge (which is a bit tricky, and will also involve moving the cookie setting code to a `process_response()` method in `CsrfViewMiddleware`).

--
Ticket URL: <http://code.djangoproject.com/ticket/10816#comment:8>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.