Hi Aymeric,
As I recall, the reasoning was:
a) CSRF should almost always be on anyway
b) The cost of having the CSRF token in place if you actually aren't using
CSRF was pretty low
c) Template documentation essentially says "put {% csrf_token %} in your
template always; if it's hardcoded,
Hello,
I'm wondering why django.template.context defines:
# We need the CSRF processor no matter what the user has in their settings,
# because otherwise it is a security vulnerability, and we can't afford to leave
# this to human error or failure to read migration instructions.
Hey there,
I have been spending a lot of time working with FormWizard recently and had
a few ideas on where it might be able to be improved. Here are some of my
thoughts, let me know if these are things the community would find
interesting.
1) More seamless navigation between steps of the
Being the idealist I am, I hope we can find a way to rid ourselves of the pain
of cgi. I'd be more than willing to help, but my help would probably be more of
a hindrance because of the limited exposure I've had with developing wsgi.
However, I did want to register my support to those looking
Hi Robert,
On 17 sept. 2014, at 01:54, Robert Rollins wrote:
> I have a legacy database from which my Django application must migrate data
> into a Django database. The relevant dates fields are actually TIMESTAMP
> columns in the database, but something (perhaps
2014-09-20 6:42 GMT+02:00 Russell Keith-Magee :
>
> Historically, Django hasn't been deeply involved in process of developing
> WSGI and related standards; this is an opportunity for us to change that
> trend.
>
To me the situation is pretty clear.
Either this line will