#9977: CSRFMiddleware needs template tag
---------------------------------------------+------------------------------
          Reporter:  bthomas                 |        Owner:  lukeplant
            Status:  assigned                |    Milestone:  1.2
         Component:  HTTP handling           |      Version:  SVN
        Resolution:                          |     Keywords:  csrf
             Stage:  Design decision needed  |    Has_patch:  1
        Needs_docs:  1                       |  Needs_tests:  0
Needs_better_patch:  1                       |
---------------------------------------------+------------------------------
Comment (by Glenn):

 Another tweak: only set the CSRF cookie if get_token was called.

 {{{
 def get_token(request):
     """
     Returns the CSRF token required for a POST form, or None if the CSRF
     middleware is not installed.
     """
     # Record that the token was handed out during this request.
     request.META["CSRF_COOKIE_USED"] = True
     return request.META.get("CSRF_COOKIE", None)
 ...
         # Leave the response untouched unless get_token() was called.
         if not request.META.get("CSRF_COOKIE_USED", False):
             return response

         response.set_cookie(settings.CSRF_COOKIE_NAME,
                 request.META["CSRF_COOKIE"], max_age = 60 * 60 * 24 * 7 * 52,
                 domain=settings.CSRF_COOKIE_DOMAIN)
 }}}

 This avoids setting the header on every request, which is one of those
 little incremental bits of waste in every request that Django shouldn't be
 accumulating.

--
Ticket URL: <http://code.djangoproject.com/ticket/9977#comment:44>
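
The behaviour proposed in the comment above, as an added example that is not part of the ticket or of Django's code: a framework-free simulation in which the CSRF cookie is written only when a view called get_token. The Request and Response classes, LazyCsrfMiddleware, handle, the two views, the "csrftoken" cookie name and the Vary: Cookie header are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

CSRF_COOKIE_NAME = "csrftoken"  # assumed stand-in for settings.CSRF_COOKIE_NAME

class Request:  # minimal stand-in, not Django's HttpRequest
    def __init__(self, cookie_header=""):
        self.COOKIES = {k: m.value for k, m in SimpleCookie(cookie_header).items()}
        self.META = {}

class Response:  # minimal stand-in, not Django's HttpResponse
    def __init__(self, body=""):
        self.body, self.headers, self.cookies = body, {}, SimpleCookie()

def get_token(request):
    # Reading the token is what marks the cookie as needed (as in the comment).
    request.META["CSRF_COOKIE_USED"] = True
    return request.META.get("CSRF_COOKIE", None)

class LazyCsrfMiddleware:  # hypothetical name
    def process_request(self, request):
        # Reuse the token the browser already holds, otherwise mint a new one.
        token = request.COOKIES.get(CSRF_COOKIE_NAME) or secrets.token_hex(16)
        request.META["CSRF_COOKIE"] = token

    def process_response(self, request, response):
        if not request.META.get("CSRF_COOKIE_USED", False):
            return response  # token never rendered: no Set-Cookie emitted
        response.cookies[CSRF_COOKIE_NAME] = request.META["CSRF_COOKIE"]
        response.cookies[CSRF_COOKIE_NAME]["max-age"] = 60 * 60 * 24 * 7 * 52
        # Assumption added here: the body embeds a per-client token, so a
        # shared cache must not serve it to a client with a different cookie.
        response.headers["Vary"] = "Cookie"
        return response

def handle(view, cookie_header=""):
    mw, request = LazyCsrfMiddleware(), Request(cookie_header)
    mw.process_request(request)
    return mw.process_response(request, view(request))

def static_view(request):
    return Response("no form here")

def form_view(request):
    field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'
    return Response(field % get_token(request))

if __name__ == "__main__":
    for view in (static_view, form_view):
        print(view.__name__, "->", handle(view).cookies.output() or "(no Set-Cookie)")
```
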