Hey devs, I posted this on django-users last week but didn't hear back. I'm wondering if this is a bug and if so, if I should take a crack at a patch.
I ran into some unexpected CSRF behavior. An AJAX request that includes the "X-Requested-With: XMLHttpRequest" header but does not include a CSRF token will bypass the CSRF middleware, as expected. If you hit a server error (mine was a TypeError), the response has error code 500. But if Debug=True, the content of the error message is the 403 Forbidden content - thus no information about where the error originated - and the response code is still 500. I couldn't find any documentation or discussion about why this would be desired. Is it a bug?

Thanks,
Brett