[PATCH] Just add a comment on settings.py with instructions to enable CSRF protection on Django 1.1

Jeremy Kerr jk at ozlabs.org
Thu Apr 14 16:33:22 EST 2011


Hi Guilherme,

> > --- a/apps/settings.py
> > +++ b/apps/settings.py
> > @@ -63,6 +63,9 @@ MIDDLEWARE_CLASSES = (
> >      'django.contrib.auth.middleware.AuthenticationMiddleware',
> >      'django.middleware.doc.XViewMiddleware',
> >      'django.middleware.csrf.CsrfViewMiddleware',
> > +    # If using Django 1.1, instead of the line above you'll need:
> > +    # 'django.contrib.csrf.CsrfViewMiddleware',
> > +    # 'django.contrib.csrf.CsrfResponseMiddleware',
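
Review bot: The two commented-out paths added at the end of this MIDDLEWARE_CLASSES hunk omit the middleware module. In Django 1.1 the classes are 'django.contrib.csrf.middleware.CsrfViewMiddleware' and 'django.contrib.csrf.middleware.CsrfResponseMiddleware', so anyone who uncomments the lines as written gets a configuration error rather than CSRF protection. The comment also reads as if swapping the middleware entries is all Django 1.1 needs, while the follow-up in this thread notes that the templates use the 'csrf_token' tag, which 1.1 does not provide. Consider dropping the comment and stating the 1.2 minimum in the docs instead.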
> 
> In fact, this should've been 'django.contrib.csrf.middleware.Csrf...',
> but although it should be enough to provide CSRF protection on Django
> 1.1 it doesn't seem to be enough to make Patchwork run on top of Django
> 1.1 because the templates use the 'csrf_token' tag, which is not
> available in 1.1.
> 
> Maybe we should just update the docs to state that 1.2 or later is
> required?

I think that would be best. If we're getting test failures, we should
either get everything working with 1.1 again, or document that 1.2 is
required. If we apply this change, it might suggest that patchwork will
work with 1.1.

Cheers,


Jeremy


