On Friday, April 24, 2015 at 12:18:08 PM UTC-7, Carl Meyer wrote:
>
>
> Wow. I'm surprised that generating a CSRF token is that expensive, but 
> it doesn't really matter; if it doesn't need to be done for a given 
> request, there's no reason to do it. 
>
>
Most of that time is spent in posix.urandom

 

> > The above pull request 
> > (https://github.com/django/django/pull/4550) causes 
> > auth_tests.test_views.LoginTest. test_login_csrf_rotate test to fail. 
> >  This is because the test is manually manipulating the 
> > request.META["CSRF_COOKIE_USED"] variable. 
> > 
> > Do we need to support the case where apps or other middleware change 
> > that variable directly?   
>
> META['CSRF_COOKIE_USED'] is never mentioned in the documentation, so I 
> don't think there is any need to maintain backwards-compatibility with it. 
>
>
Thanks.  I have updated the pull request to fix that test.

 Jay Cox

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/6e2f633a-3b49-4925-88d4-664c9ca4bd5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to