#34830: csrf_failure view missing context processors
-----------------------------+---------------------------------------------
Reporter: Alex Henman | Owner: Prakhar Parashari
Type: Bug | Status: closed
Component: CSRF | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+---------------------------------------------
Comment (by Natalia Bidart):
Replying to [comment:14 Tim Graham]:
> As Alex stated in comment 8, I don't think passing the `request` like
> this causes the template to be rendered with `RequestContext` (which makes
> the values from context processors available in the template). The ticket
> summary should at least be retitled to reflect what was actually changed,
> e.g. "Add request to csrf_failure view context."
Thank you Tim for the comment, indeed you have a valid point. I started
drafting a possible solution so a `RequestContext` is used, I ended up
with this diff:
{{{
#!diff
diff --git a/django/views/csrf.py b/django/views/csrf.py
index e282ebb2b6..8da5f2b082 100644
--- a/django/views/csrf.py
+++ b/django/views/csrf.py
@@ -64,7 +64,6 @@ def csrf_failure(request, reason="",
template_name=CSRF_FAILURE_TEMPLATE_NAME):
"DEBUG": settings.DEBUG,
"docs_version": get_docs_version(),
"more": _("More information is available with DEBUG=True."),
- "request": request,
}
try:
t = loader.get_template(template_name)
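Review bot: dropping `"request": request` from `c` here means the template no longer gets `request` unconditionally. After this change it is only put back in the `except TypeError` branch of the next hunk. On the path where `t.render(c, request=request)` succeeds, `{{ request }}` resolves only if a configured context processor supplies it, so a custom `403_csrf.html` that relied on the earlier behaviour could silently render empty values. Consider keeping the key in `c` (values in `c` override context-processor values anyway) or documenting the dependency on the request context processor.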
@@ -73,8 +72,12 @@ def csrf_failure(request, reason="",
template_name=CSRF_FAILURE_TEMPLATE_NAME):
# If the default template doesn't exist, use the fallback
template.
with
builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh:
t = Engine().from_string(fh.read())
- c = Context(c)
else:
# Raise if a developer-specified template doesn't exist.
raise
- return HttpResponseForbidden(t.render(c))
+ try:
+ response = t.render(c, request=request)
+ except TypeError:
+ c["request"] = request
+ response = t.render(Context(c))
+ return HttpResponseForbidden(response)}}}
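Review bot: the `except TypeError` around `t.render(c, request=request)` is broader than the case it is meant to handle. The intended case is the fallback `Engine().from_string(...)` template, whose `render()` takes a `Context` and no `request` keyword. But a `TypeError` raised while rendering a developer-specified template, for example from a context processor or a template tag, would also be caught and the page re-rendered with a plain `Context`, hiding the real error and skipping context processors. It would be more robust to choose the render path explicitly where the fallback template is built (the `from_string` branch above) instead of inferring it from an exception, and to add tests for three cases: default template, custom template with context processors, and the fallback.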
which would need some unit tests and perhaps some further analysis of how
robust this solution is. Do you have an opinion?
--
Ticket URL: <https://code.djangoproject.com/ticket/34830#comment:15>