#14182: CsrfViewMiddleware makes modification of the upload handlers impossible
-------------------------------------------+--------------------------------
Reporter: dc | Owner: lukeplant
Status: assigned | Milestone:
Component: File uploads/storage | Version: 1.2
Resolution: | Keywords: csrf
upload_handlers
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------------+--------------------------------
Comment (by laurikari):
Replying to [comment:1 lukeplant]:
Using `...@csrf_exempt` and `...@csrf_protect` work, insofar that it's possible
to add a custom upload handler that way.
However, something worth noting is that if you do this, your upload
handlers will be receiving file data _before_ the CSRF checks are done.
It might be worth mentioning this also in Django documentation - upload
handlers receive data which hasn't been checked for CSRF yet.
--
Ticket URL: <http://code.djangoproject.com/ticket/14182#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
