2010/6/7 Filip Gruszczyński <grusz...@gmail.com>
> Docs say:
>
> If you do not have any of the middleware in your MIDDLEWARE_CLASSES,
> you will have a working installation but without any CSRF protection
> for your views (just as you had before). It is strongly recommended to
> install CsrfViewMiddleware and CsrfResponseMiddleware, as described
> above.
>
> So I thought I don't have to do anything. Can I disable it somehow?
I suspect you are using the contrib.auth login view. All contrib app views
use the csrf_protect decorator ("All contrib apps use a csrf_protect
decorator to protect the view. This requires the use of the csrf_token
template tag in the template. If you have used custom templates for contrib
views, you MUST READ THE UPGRADE INSTRUCTIONS to fix those templates.") You
need to update the login template you are using to include the {% csrf_token
%} tag.
Karen
--
http://tracey.org/kmt/
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
