Hi, In order to enable CSRF protection, one needs to add the CsrfViewMiddleware to the middleware classes, and add the CSRF context processor to the context processors.
However, it seems that the defaults are to add the middleware, but not the context processor. Is there a specific reason for this? After all, if we would not want to enable CSRF protection by default, we should include neither the middleware nor the context processor. If we do want it to be default, both should be included. The current defaults seem to be halfway between these options. Should we not just add the CSRF context processor to the default context processors? Or is there an underlying reason to keep it out? cheers, Erik -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
