#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
          Reporter:  bthomas                 |         Owner:  lukeplant
            Status:  assigned                |     Milestone:  1.2      
         Component:  HTTP handling           |       Version:  SVN      
        Resolution:                          |      Keywords:  csrf     
             Stage:  Design decision needed  |     Has_patch:  1        
        Needs_docs:  1                       |   Needs_tests:  0        
Needs_better_patch:  1                       |  
---------------------------------------------+------------------------------
Comment (by Glenn):

 Another tweak: only set the CSRF cookie if get_token was called.

 {{{
 def get_token(request):
     """
     Returns the CSRF token required for a POST form, or None if the CSRF
     middleware is not installed.
     """
     request.META["CSRF_COOKIE_USED"] = True
     return request.META.get("CSRF_COOKIE", None)

 ...
         # Skip Set-Cookie when get_token was never called for this request.
         if not request.META.get("CSRF_COOKIE_USED", False):
             return response

         response.set_cookie(settings.CSRF_COOKIE_NAME,
                 request.META["CSRF_COOKIE"], max_age = 60 * 60 * 24 * 7 * 52,
                 domain=settings.CSRF_COOKIE_DOMAIN)
 }}}

 This avoids setting the header on every request, which is one of those
 little incremental bits of waste in every request that Django shouldn't be
 accumulating.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:44>
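
The lazy cookie behaviour proposed in the comment above, as an added stand-alone example (not code from the ticket or from Django). `Request`, `Response`, `LazyCsrfCookieMiddleware`, `handle` and the two views are hypothetical stand-ins, and the `Vary: Cookie` header is an addition the comment's snippet does not contain.

```python
import secrets

CSRF_COOKIE_NAME = "csrftoken"  # stand-in for settings.CSRF_COOKIE_NAME
COOKIE_MAX_AGE = 60 * 60 * 24 * 7 * 52

class Request:
    """Minimal stand-in for a request object (not Django's HttpRequest)."""
    def __init__(self, cookies=None):
        self.COOKIES, self.META = dict(cookies or {}), {}

class Response:
    """Minimal stand-in for a response object (not Django's HttpResponse)."""
    def __init__(self, body=""):
        self.body, self.cookies, self.headers = body, {}, {}
    def set_cookie(self, name, value, max_age=None):
        self.cookies[name] = {"value": value, "max_age": max_age}

def get_token(request):
    """Return the CSRF token and record that the response depends on it."""
    request.META["CSRF_COOKIE_USED"] = True
    return request.META.get("CSRF_COOKIE")

class LazyCsrfCookieMiddleware:
    def process_request(self, request):
        # Reuse the token the browser sent, otherwise mint a fresh one.
        request.META["CSRF_COOKIE"] = (
            request.COOKIES.get(CSRF_COOKIE_NAME) or secrets.token_hex(16))

    def process_response(self, request, response):
        # Nothing rendered the token into the page: send no Set-Cookie.
        if not request.META.get("CSRF_COOKIE_USED", False):
            return response
        response.set_cookie(CSRF_COOKIE_NAME, request.META["CSRF_COOKIE"],
                            max_age=COOKIE_MAX_AGE)
        # Added here, not in the comment's snippet: the body now embeds a
        # per-client token, so shared caches must key on the Cookie header.
        response.headers["Vary"] = "Cookie"
        return response

def handle(view, cookies=None):
    """Run one request through the middleware and the given view."""
    mw, request = LazyCsrfCookieMiddleware(), Request(cookies)
    mw.process_request(request)
    return mw.process_response(request, view(request))

def static_view(request):
    return Response("<p>no form here</p>")

def form_view(request):
    return Response('<input type="hidden" name="csrfmiddlewaretoken" '
                    'value="%s">' % get_token(request))
```

A page that never calls `get_token` goes out with no `Set-Cookie` and stays cacheable; a page that renders the token gets the cookie and is marked as varying per client.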