mirror of
https://github.com/django/django.git
synced 2025-10-24 14:16:09 +00:00
[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Backport of r16588 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
@@ -278,13 +278,13 @@ list::
|
||||
|
||||
Also, ``request.POST`` is accessed by
|
||||
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
|
||||
default. This means you will probably need to use
|
||||
default. This means you will need to use
|
||||
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
|
||||
to change the upload handlers. Assuming you do need CSRF protection, you
|
||||
will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
|
||||
the function that actually processes the request. Note that this means that
|
||||
the handlers may start receiving the file upload before the CSRF checks have
|
||||
been done. Example code:
|
||||
to change the upload handlers. You will then need to use
|
||||
:func:`~django.views.decorators.csrf.csrf_protect` on the function that
|
||||
actually processes the request. Note that this means that the handlers may
|
||||
start receiving the file upload before the CSRF checks have been done.
|
||||
Example code:
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
|
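Review bot: The sentence kept at the end of the paragraph ("the handlers may start receiving the file upload before the CSRF checks have been done") states the ordering but still gives the reader nothing to act on, and that gap stands out more now that the surrounding text says "you will need to use" ``csrf_exempt`` and ``csrf_protect``. Consider following it with one sentence of guidance, for example that upload handlers should treat the incoming data as unverified and defer any lasting side effects until the ``csrf_protect``-wrapped function has accepted the request. Separately, "This means you will need to use" is only true while ``CsrfViewMiddleware`` is enabled, which the preceding sentence describes as the default; wording such as "If the middleware is enabled, you will need to use" would keep the stronger tone without overstating the requirement.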