04 June 2010

Django CSRF gotcha

Django contains a decorator, @csrf_exempt, that you can apply to a view function to tell the anti-CSRF CsrfViewMiddleware to skip its check for that view. While it's obvious in retrospect, make sure you apply the decorator to the actual view (e.g., the function listed in urls.py). If you apply it to a function that the view merely calls, CsrfViewMiddleware never sees it: the middleware will merrily ignore the decorator and reject the request with a CSRF error.
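The gotcha in miniature, as an added example that is not part of the original post and is not Django's source: csrf_exempt and process_view below are simplified stand-ins for the decorator (which sets a csrf_exempt attribute on the callable it wraps) and for the middleware's check of the routed callable. The view names and the request dictionary are constructed for illustration.

```python
import functools

def csrf_exempt(view_func):
    """Stand-in for Django's decorator: flags only the callable it wraps."""
    @functools.wraps(view_func)
    def wrapper(*args, **kwargs):
        return view_func(*args, **kwargs)
    wrapper.csrf_exempt = True
    return wrapper

def process_view(callback, request):
    """Stand-in for CsrfViewMiddleware: inspects the routed callable only."""
    if getattr(callback, "csrf_exempt", False):
        return callback(request)
    token = request.get("token")
    if request["method"] == "POST" and (not token or token != request.get("cookie")):
        return "403 CSRF verification failed"
    return callback(request)

# Wrong: the exemption sits on a helper; urls.py points at webhook_view_wrong.
@csrf_exempt
def handle_webhook(request):
    return "200 OK"

def webhook_view_wrong(request):
    return handle_webhook(request)

# Right: the exemption sits on the function urls.py points at.
@csrf_exempt
def webhook_view_right(request):
    return "200 OK"

# Constructed request: a cross-site POST that carries no CSRF token.
REQUEST = {"method": "POST", "cookie": "abc123", "token": None}

def dispatch(view):
    """Run the routed view through the middleware model."""
    return process_view(view, REQUEST)

if __name__ == "__main__":
    print("helper decorated:", dispatch(webhook_view_wrong))
    print("view decorated:  ", dispatch(webhook_view_right))
```

In a real project the equivalent check is that the callable your URLconf resolves to carries csrf_exempt = True.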

