#15501: CSRF middleware does not handle REST api application correctly
-----------------------------------------+----------------------------------
Reporter: ksnabb | Owner: nobody
Status: closed | Milestone:
Component: HTTP handling | Version: 1.2
Resolution: wontfix | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 |
-----------------------------------------+----------------------------------
Changes (by lrekucki):
* status: new => closed
* needs_docs: => 0
* resolution: => wontfix
* needs_tests: => 0
* needs_better_patch: => 0
Comment:
CsrfResponseMiddleware is ''deprecated''. The correct way to handle this,
is using CsrfViewMiddleware and adding the token as a cookie . See the
blog post about [http://www.djangoproject.com/weblog/2011/feb/08/security/
1.2.5 security release] and it's
[http://www.djangoproject.com/weblog/2011/feb/10/security-errata/ errata]
--
Ticket URL: <http://code.djangoproject.com/ticket/15501#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
