I'm running django 1.2rc1 for one of my projects and the new CSRF protection is breaking Satchmo a lot.
Docs about new csrf protection here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ Basically, the new recommended CSRF protection strategy involves adding a middleware and a context processor, then adding a {% csrf_token %} template tag to every form that posts. Also, you can add the csrf_protect decorator to your own views, to protect against users not adding the middleware. Right now, none of the forms that post work with django 1.2, if the user adds the csrf middleware like they are supposed to. The major problem is that I don't think the changes are backwards compatible. We'd need to require django 1.2. Anyway, anyone have thoughts on how we can move forward with this? Alex -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
