On Wed, Dec 3, 2008 at 8:14 AM, Luke Plant <l.plant...@cantab.net> wrote:
> == Conclusion ==
>
> At the moment, once you've factored everything in, I think 'view
> middleware' + template tag is the way to go, with some more custom
> solution for login CSRF. The SafeForm ends up having an unwieldy
> API, which means it won't be used or could be used incorrectly, it
> will often require changing a template anyway, and it's specific to
> Django forms. The template tag solution would basically require a
> single line being added to the template for each form (plus some
> settings, once).
>
> I also suggest we add CsrfMiddleware or CsrfViewMiddleware to the
> default middleware and put a note about it in the release notes.

Realized I never responded to this, so, for the record, I agree with this conclusion. I'd like to see a bit of code -- and, more importantly for me, the documentation -- before it goes in, but think this sounds like the best solution.

Jacob