Author: lukeplant
Date: 2010-09-29 12:34:26 -0500 (Wed, 29 Sep 2010)
New Revision: 13961

Modified:
   django/branches/releases/1.2.X/docs/topics/http/file-uploads.txt
Log:
[1.2.X] Fixed #14182 - documented how to modify upload handlers when using 
CsrfViewMiddleware

Thanks to dc for the report.

Backport of [13960] from trunk

Modified: django/branches/releases/1.2.X/docs/topics/http/file-uploads.txt
===================================================================
--- django/branches/releases/1.2.X/docs/topics/http/file-uploads.txt    
2010-09-29 16:35:34 UTC (rev 13960)
+++ django/branches/releases/1.2.X/docs/topics/http/file-uploads.txt    
2010-09-29 17:34:26 UTC (rev 13961)
@@ -270,6 +270,30 @@
     Thus, you should always modify uploading handlers as early in your view as
     possible.
 
+    Also, ``request.POST`` is accessed by
+    :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
+    default. This means you will probably need to use
+    :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
+    to change the upload handlers. Assuming you do need CSRF protection, you
+    will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
+    the function that actually processes the request.  Note that this means 
that
+    the handlers may start receiving the file upload before the CSRF checks 
have
+    been done. Example code:
+
+    .. code-block:: python
+
+        from django.views.decorators.csrf import csrf_exempt, csrf_protect
+
+        @csrf_exempt
+        def upload_file_view(request):
+            request.upload_handlers.insert(0, ProgressBarUploadHandler())
+            return _upload_file_view(request)
+
+        @csrf_protect
+        def _upload_file_view(request):
+            ... # Process request
+
+
 Writing custom upload handlers
 ------------------------------
 
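Review bot: In the added paragraph, the sentence "the handlers may start receiving the file upload before the CSRF checks have been done" states the ordering but not what it means for the reader. Suggest spelling out that a handler installed in the ``csrf_exempt`` wrapper may be fed data from a request that ``csrf_protect`` then rejects, so it should not do anything with the upload that would be unsafe for an unverified request. It would also help to say that the wrapper should only change ``request.upload_handlers`` and delegate, as ``upload_file_view`` does here. Separately, the example uses ``ProgressBarUploadHandler`` without an import or a note on where it is defined; a one-line comment in the code block would cover that.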
