On Sep 28, 5:19 pm, Tom Evans <tevans...@googlemail.com> wrote: > On Wed, Sep 28, 2011 at 4:03 PM, sspross <spr...@allink.ch> wrote: > > hi tom > > > thanks for your reply, but > > > i'm don't want to disable a whole view, just disabling the http > > referer checking in https. > > > silvan > Thanks Tom, I will take a closer look at this!
Silvan > Oh I see - my bad. > > There's no way to disable this check, looking at the source code. > > The CSRF middleware will automatically accept a request, regardless of > the referrer/CSRF tokens provided, if the request has the attribute > '_dont_enforce_csrf_checks' set to True. > This is meant to be for the test suite to skip CSRF checks (I think), > but you could abuse it, eg by adding some middleware which checks that > the call is valid and adding that attribute if you think the request > is genuine. > > Cheers > > Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
