Re: Why is the CSRF template context processor hardcoded?

Hi Aymeric, As I recall, the reasoning was: a) CSRF should almost always be on anyway b) The cost of having the CSRF token in place if you actually aren't using CSRF was pretty low c) Template documentation essentially says "put {% csrf_token %} in your template always; if it's hardcoded,

Why is the CSRF template context processor hardcoded?

Hello, I'm wondering why django.template.context defines: # We need the CSRF processor no matter what the user has in their settings, # because otherwise it is a security vulnerability, and we can't afford to leave # this to human error or failure to read migration instructions.

Some thoughts on Django Form Wizard

Hey there, I have been spending a lot of time working with FormWizard recently and had a few ideas on where it might be able to be improved. Here are some of my thoughts, let me know if these are things the community would find interesting. 1) More seamless navigation between steps of the

Re: HTTP/2 and WSGI

Being the idealist I am, I hope we can find a way to rid ourselves of the pain of cgi. I'd be more than willing to help, but my help would probably be more of a hindrance because of the limited exposure I've had with developing wsgi. However, I did want to register my support to those looking

Re: Loading timezone naive data into your test database with USE_TZ = True

Hi Robert, On 17 sept. 2014, at 01:54, Robert Rollins wrote: > I have a legacy database from which my Django application must migrate data > into a Django database. The relevant dates fields are actually TIMESTAMP > columns in the database, but something (perhaps

Re: HTTP/2 and WSGI

2014-09-20 6:42 GMT+02:00 Russell Keith-Magee : > > Historically, Django hasn't been deeply involved in process of developing > WSGI and related standards; this is an opportunity for us to change that > trend. > To me the situation is pretty clear. Either this line will