On Monday 07 June 2010 18:00:53 Filip Gruszczyński wrote: > If you do not have any of the middleware in your MIDDLEWARE_CLASSES, > you will have a working installation but without any CSRF protection > for your views (just as you had before). It is strongly recommended to > install CsrfViewMiddleware and CsrfResponseMiddleware, as described > above. > > So I thought I don't have to do anything. Can I disable it somehow? >
rather than disable it, why do you not use it? it's going to be there for a long time, and although it is a bit tedious to enable it, it is worth doing once and for all - remember that this is practically the only security hole found in django after nearly 5 years of release. -- Regards Kenneth Gonsalves Senior Associate NRC-FOSS at AU-KBC -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
