Hi,
I've just updated to latest trunk, and now site login does not work
cos of CSRF that has been enabled in all contrib apps.
I should put {% csrf_token %} in login forms (i use custom template
for auth login) on plenty of sites that usually don't use CSRF and
some of them don't use contrib.admin.
Is there a way to work around this at least for some time except from
not updating to latest trunk?
Yes there is extras/csrf_migration_helper.py but i can't afford to
play with it at this moment. I just need to update login forms on many
sites not update complete sites.
And there are also some typos in guide:
====================================
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#legacy-method
====================================
In Django 1.1, the template tag did not exist. Instead, a post-
processing middleware that re-wrote POST forms to include the CRSF
token was used.
Use of the CsrfResponseMiddleware is not recommended because of the
performance hit it imposes, and because of a potential security
problem (see below). It can be used as an interim measure until
applications have been updated to use the {% crsf_token %} tag. It is
deprecated and will be removed in Django 1.4.
====================================
Typos:
... POST forms to include the CRSF token was used.
It should say "the CSRF token was used." and it's not {% crsf_token %}
but {% csrf_token %}
Thanks,
Davor
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
