Did you ever have any luck with disabling referer checnking? On Thursday, 29 September 2011 08:25:26 UTC+2, sspross wrote: > > On Sep 28, 5:19 pm, Tom Evans <tevans...@googlemail.com> wrote: > > On Wed, Sep 28, 2011 at 4:03 PM, sspross <spr...@allink.ch> wrote: > > > hi tom > > > > > thanks for your reply, but > > > > > i'm don't want to disable a whole view, just disabling the http > > > referer checking in https. > > > > > silvan > > > Thanks Tom, I will take a closer look at this! > > Silvan > > > Oh I see - my bad. > > > > There's no way to disable this check, looking at the source code. > > > > The CSRF middleware will automatically accept a request, regardless of > > the referrer/CSRF tokens provided, if the request has the attribute > > '_dont_enforce_csrf_checks' set to True. > > This is meant to be for the test suite to skip CSRF checks (I think), > > but you could abuse it, eg by adding some middleware which checks that > > the call is valid and adding that attribute if you think the request > > is genuine. > > > > Cheers > > > > Tom
-- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b04093f7-a29c-43c8-9b93-ea14065d406f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
