#14182: CsrfViewMiddleware makes modification of the upload handlers impossible -------------------------------------------+-------------------------------- Reporter: dc | Owner: lukeplant Status: assigned | Milestone: Component: File uploads/storage | Version: 1.2 Resolution: | Keywords: csrf upload_handlers Stage: Unreviewed | Has_patch: 0 Needs_docs: 0 | Needs_tests: 0 Needs_better_patch: 0 | -------------------------------------------+-------------------------------- Comment (by laurikari):
Replying to [comment:1 lukeplant]: Using `...@csrf_exempt` and `...@csrf_protect` work, insofar that it's possible to add a custom upload handler that way. However, something worth noting is that if you do this, your upload handlers will be receiving file data _before_ the CSRF checks are done. It might be worth mentioning this also in Django documentation - upload handlers receive data which hasn't been checked for CSRF yet. -- Ticket URL: <http://code.djangoproject.com/ticket/14182#comment:2> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-upda...@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.