See approved ticket: http://code.djangoproject.com/ticket/14261
There, Luke Plant said:
"""
+1, I was going to suggest it myself. The patch looks pretty good.
After Django 1.3 is out, we should have some discussion on django-devs
about:
- what the default value should be (I think SAMEORIGIN woul
OK, I'm sold - let's just kill the "protection".
Christophe, can you write a patch including a new warning to put in the docs?
Thanks,
Jacob
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-deve
On Mar 11, 2011, at 8:20 PM, Jacob Kaplan-Moss wrote:
> I'd be interested in your thoughts on that: is
> there a way we can prevent folks from shooting themselves in the foot
> this way, or do you think trying itself is futile?
There's no practical way of doing it without doing some kind of
back
Even if it is a kludge, it still accomplishes something that .raw() cannot
(as Dan put forth). I think deprecating it in favor of raw doesn't make
much sense, since they are two different things.
On Mar 9, 2011 4:06 PM, "Dan Watson" wrote:
>
>
> On Tuesday, March 8, 2011 6:16:26 PM UTC-5, Russell
I think some people seem to be confused about what is being asked for.
I think the suggestion is that you should get this new "not an admin
account" message iff
the provided username _and_ password are correct. If you don't have
permission, but
provide an incorrect password, then you still get the