Re: SecureForm in newforms

2008-04-19 Thread Simon Willison
On Apr 17, 5:04 pm, "Jeremy Dunck" <[EMAIL PROTECTED]> wrote:
> Middleware is easy to set and forget. Is there a reason not to make
> SecureForm the default, and InsecureForm for people using Ajax? ;-)

I'm pretty sure we can handle the Ajax case by not doing CSRF token checks if request.is_ajax

Re: SecureForm in newforms

2008-04-17 Thread Luke Plant
On Thu, 17 Apr 2008 09:21:18 -0700 (PDT), "mrts" <[EMAIL PROTECTED]> said:
>
> > Middleware is easy to set and forget. Is there a reason not to make
> > SecureForm the default, and InsecureForm for people using Ajax? ;-)
>
> Doesn't fit my workflow. In my case some POSTs are handled internall

Re: SecureForm in newforms

2008-04-17 Thread mrts
> Middleware is easy to set and forget. Is there a reason not to make
> SecureForm the default, and InsecureForm for people using Ajax? ;-)

Doesn't fit my workflow. In my case some POSTs are handled internally by other libraries (think OpenID).

Re: SecureForm in newforms

2008-04-17 Thread Jeremy Dunck
On Thu, Apr 17, 2008 at 11:00 AM, Jacob Kaplan-Moss <[EMAIL PROTECTED]> wrote:
>
> On Thu, Apr 17, 2008 at 10:08 AM, mrts <[EMAIL PROTECTED]> wrote:
> > This is cumbersome and error-prone, thus I propose that a SecureForm
> > or CSRFSecureForm be added to newforms that would automate the step

Re: SecureForm in newforms

2008-04-17 Thread Jacob Kaplan-Moss
On Thu, Apr 17, 2008 at 10:08 AM, mrts <[EMAIL PROTECTED]> wrote:
> This is cumbersome and error-prone, thus I propose that a SecureForm
> or CSRFSecureForm be added to newforms that would automate the steps
> given above (like CsrfMiddleware does).

Agreed -- I was just talking with Simon the