On Wed, Sep 28, 2011 at 4:03 PM, sspross <spr...@allink.ch> wrote: > hi tom > > thanks for your reply, but > > i'm don't want to disable a whole view, just disabling the http > referer checking in https. > > silvan >
Oh I see - my bad. There's no way to disable this check, looking at the source code. The CSRF middleware will automatically accept a request, regardless of the referrer/CSRF tokens provided, if the request has the attribute '_dont_enforce_csrf_checks' set to True. This is meant to be for the test suite to skip CSRF checks (I think), but you could abuse it, eg by adding some middleware which checks that the call is valid and adding that attribute if you think the request is genuine. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
