Allow CsrfResponseMiddleware to be used if templates cannot be updated.

For the case where someone is using contrib views with custom templates that they cannot update to use the template tag, it should be possible to use CsrfResponseMiddleware. This requires that 'csrf_response_exempt' is not used for the admin views. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-31 01:25:32 +00:00 · 2009-10-30 00:17:29 +00:00
parent 96658ef2d2
commit 5a0aab41ee
2 changed files with 5 additions and 3 deletions
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -3,7 +3,7 @@ from django import http, template
 from django.contrib.admin import ModelAdmin
 from django.contrib.admin import actions
 from django.contrib.auth import authenticate, login
-from django.views.decorators.csrf import csrf_protect, csrf_response_exempt
+from django.views.decorators.csrf import csrf_protect
 from django.db.models.base import ModelBase
 from django.core.exceptions import ImproperlyConfigured
 from django.core.urlresolvers import reverse
@@ -189,7 +189,7 @@ class AdminSite(object):
            inner = never_cache(inner)
        # We add csrf_protect here so this function can be used as a utility
        # function for any view, without having to repeat 'csrf_protect'.
-        inner = csrf_response_exempt(csrf_protect(inner))
+        inner = csrf_protect(inner)
        return update_wrapper(inner, view)

    def get_urls(self):