subject:"\[Django\] #14156\: CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior"

Re: [Django] #14156: CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior

2010-08-27 Thread Django

#14156: CSRF protection in django.contrib.flatpages.views.flatpage causes 
unwanted
behavior
---+
  Reporter:  patrys| Owner:  nobody
Status:  new   | Milestone:
 Component:  Contrib apps  |   Version:  1.2   
Resolution:|  Keywords:
 Stage:  Accepted  | Has_patch:  0 
Needs_docs:  0 |   Needs_tests:  0 
Needs_better_patch:  0 |  
---+
Changes (by russellm):

  * needs_better_patch:  => 0
  * stage:  Unreviewed => Accepted
  * needs_tests:  => 0
  * needs_docs:  => 0

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

[Django] #14156: CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior

2010-08-23 Thread Django

#14156: CSRF protection in django.contrib.flatpages.views.flatpage causes 
unwanted
behavior
--+-
 Reporter:  patrys|   Owner:  nobody
   Status:  new   |   Milestone:
Component:  Contrib apps  | Version:  1.2   
 Keywords:|   Stage:  Unreviewed
Has_patch:  0 |  
--+-
 If you only decorate selected views with {{{csrf_protect}}}, any non-
 protected POST that ends up resulting in a 404 response returns 403
 Forbidden instead.

 This is both unwanted and potentially puzzling to developers. Either the
 {{{flatpage}}} view should not be decorated (it seems incapable of
 altering the application's state) or the above should be documented both
 in the CSRF section and in the flatpages section.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14156: CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior

[Django] #14156: CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior

2 matches

Site Navigation

Mail list logo

Footer information