On 31/07/10 Russell Keith-Magee said: > * If you have an existing project, the introduction of CSRF > protection in Django 1.2 shouldn't pose any obstacle to upgrading. > CSRF protection is turned on by default in new projects, but you need > to manually turn it on for existing projects (i.e., you need to add > the new middleware). If you don't add the new middleware, you don't > need to do anything in order to run your project under Django 1.2. The > only potential backwards incompatibility is if you have written custom > templates to override the default templates provided by Django's admin > -- but this is clearly highlighted in the release notes [2]. > > [2] http://docs.djangoproject.com/en/dev/releases/1.2/#csrf-protection
I've picked-up Django 1.2 locally in a virtualenv for testing, and I'm finding suddenly that I can't login to the admin site due to a CSRF error. I have not enabled CSRF yet, and I have not added custom admin templates. I'm assuming that this is not expected. Mike -- Michael P. Soulier <msoul...@digitaltorque.ca> "Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein
signature.asc
Description: Digital signature
