#15501: CSRF middleware does not handle REST api application correctly -----------------------------------------+---------------------------------- Reporter: ksnabb | Owner: nobody Status: closed | Milestone: Component: HTTP handling | Version: 1.2 Resolution: wontfix | Keywords: Triage Stage: Unreviewed | Has patch: 0 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | -----------------------------------------+---------------------------------- Changes (by lrekucki):
* status: new => closed * needs_docs: => 0 * resolution: => wontfix * needs_tests: => 0 * needs_better_patch: => 0 Comment: CsrfResponseMiddleware is ''deprecated''. The correct way to handle this, is using CsrfViewMiddleware and adding the token as a cookie . See the blog post about [http://www.djangoproject.com/weblog/2011/feb/08/security/ 1.2.5 security release] and it's [http://www.djangoproject.com/weblog/2011/feb/10/security-errata/ errata] -- Ticket URL: <http://code.djangoproject.com/ticket/15501#comment:1> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.