I have a Django app with a particular view meant to receive file
uploads via SWFUpload. I've successfully used the trick of putting the
CSRF token in the POST parameters and then copying that to the
csrftoken cookie in the server code before the CSRF middleware does
its check. Over SSL it will still fail because Flash doesn't set the
referer either. Maybe I could use the same approach and modify
request.META to satisfy the CSRF referer check. But it seems to me
that both of these approaches are somehow just bypassing the intended
security of the CSRF protection model.

For now I've just exempted this particular view from CSRF checks. Any
thoughts on whether changing the request before the CSRF middleware runs
is worth it or not?

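An added example, not part of the original post and not Django's own code: a simplified model of a double-submit cookie check, showing that once the POSTed token is copied into the cookie the comparison passes for any value, next to a hypothetical signed upload token that a CSRF-exempt view could verify instead. All function names, the key and the sample request are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real key would come from server config

def double_submit_ok(cookies, post):
    """Simplified double-submit check: cookie token must equal the POSTed token."""
    cookie = cookies.get("csrftoken", "")
    posted = post.get("csrfmiddlewaretoken", "")
    return bool(cookie) and hmac.compare_digest(cookie.encode(), posted.encode())

def copy_post_token_to_cookie(cookies, post):
    """The workaround: fill the missing cookie from the POST body before the check."""
    patched = dict(cookies)
    if "csrfmiddlewaretoken" in post:
        patched["csrftoken"] = post["csrfmiddlewaretoken"]
    return patched

def make_upload_token(key, user_id, expires):
    """Hypothetical alternative: issued by the server when it renders the upload page."""
    payload = f"{user_id}:{expires}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"

def verify_upload_token(key, token, now):
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user_id, expires, mac = token.rsplit(":", 2)
        expires = int(expires)
    except ValueError:
        return None
    expected = hmac.new(key, f"{user_id}:{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), mac.encode()) or now > expires:
        return None
    return user_id

def demo():
    no_cookies = {}  # the Flash upload arrives without cookies
    # Constructed request whose token values were not issued by the server.
    post = {"csrfmiddlewaretoken": "value-chosen-by-sender",
            "upload_token": "alice:9999999999:00"}
    return {
        "plain_check": double_submit_ok(no_cookies, post),
        "after_copy": double_submit_ok(copy_post_token_to_cookie(no_cookies, post), post),
        "signed_unissued": verify_upload_token(KEY, post["upload_token"], now=1000),
        "signed_issued": verify_upload_token(KEY, make_upload_token(KEY, "alice", 2000), now=1000),
    }
```

After the copy step both sides of the comparison come from the same request body, so the check no longer depends on anything only the legitimate browser holds; the signed token depends on the server key.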