[PATCH] Just add a comment on settings.py with instructions to enable CSRF protection on Django 1.1

Guilherme Salgado guilherme.salgado at linaro.org
Thu Apr 7 02:20:03 EST 2011


On Wed, 2011-04-06 at 12:28 -0300, Guilherme Salgado wrote:
> Signed-off-by: Guilherme Salgado <guilherme.salgado at linaro.org>
> ---
>  apps/settings.py |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/apps/settings.py b/apps/settings.py
> index 68837b3..10813d4 100644
> --- a/apps/settings.py
> +++ b/apps/settings.py
> @@ -63,6 +63,9 @@ MIDDLEWARE_CLASSES = (
>      'django.contrib.auth.middleware.AuthenticationMiddleware',
>      'django.middleware.doc.XViewMiddleware',
>      'django.middleware.csrf.CsrfViewMiddleware',
> +    # If using Django 1.1, instead of the line above you'll need:
> +    # 'django.contrib.csrf.CsrfViewMiddleware',
> +    # 'django.contrib.csrf.CsrfResponseMiddleware',
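
Review bot: the two commented paths added below 'django.middleware.csrf.CsrfViewMiddleware' omit the middleware module. In Django 1.1 these classes live in django.contrib.csrf.middleware, so anyone who uncomments the lines as written gets a middleware that fails to load instead of CSRF protection. Suggest 'django.contrib.csrf.middleware.CsrfViewMiddleware' and 'django.contrib.csrf.middleware.CsrfResponseMiddleware'. The comment should also say explicitly that the 1.2 entry has to be commented out when these two are enabled, since "instead of the line above" is easy to miss in a long tuple.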

In fact, this should've been 'django.contrib.csrf.middleware.Csrf...',
but although it should be enough to provide CSRF protection on Django
1.1 it doesn't seem to be enough to make Patchwork run on top of Django
1.1 because the templates use the 'csrf_token' tag, which is not
available in 1.1.

Maybe we should just update the docs to state that 1.2 or later is
required?

-- 
Guilherme Salgado <https://launchpad.net/~salgado>