[PATCH] Just add a comment on settings.py with instructions to enable CSRF protection on Django 1.1
Guilherme Salgado
guilherme.salgado at linaro.org
Fri Apr 15 00:18:36 EST 2011
On Thu, 2011-04-14 at 14:33 +0800, Jeremy Kerr wrote:
> Hi Guilherme,
>
> > > --- a/apps/settings.py
> > > +++ b/apps/settings.py
> > > @@ -63,6 +63,9 @@ MIDDLEWARE_CLASSES = (
> > > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> > > 'django.middleware.doc.XViewMiddleware',
> > > 'django.middleware.csrf.CsrfViewMiddleware',
> > > + # If using Django 1.1, instead of the line above you'll need:
> > > + # 'django.contrib.csrf.CsrfViewMiddleware',
> > > + # 'django.contrib.csrf.CsrfResponseMiddleware',
> >
> > In fact, this should've been 'django.contrib.csrf.middleware.Csrf...',
> > but although it should be enough to provide CSRF protection on Django
> > 1.1 it doesn't seem to be enough to make Patchwork run on top of Django
> > 1.1 because the templates use the 'csrf_token' tag, which is not
> > available in 1.1.
> >
> > Maybe we should just update the docs to state that 1.2 or later is
> > required?
>
> I think that would be best. If we're getting test failures, we should
> either get everything working with 1.1 again, or document that 1.2 is
> required. If we apply this change, it might suggest that patchwork will
> work with 1.1.
I was hoping I'd be able to change the tests to make them pass using
either 1.1 or 1.2, but I didn't manage to, so I've just submitted
another patch changing docs/INSTALL to state that 1.2 is required. I
also fixed a link to the deployment chapter of the django book, which
was broken.
Cheers,
--
Guilherme Salgado <https://launchpad.net/~salgado>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ozlabs.org/pipermail/patchwork/attachments/20110414/03285dd8/attachment.pgp>
More information about the Patchwork
mailing list