On Tue, Apr 6, 2010 at 8:12 PM, Ramdas S <ram...@gmail.com> wrote: > > Hey Thanks! > > Should I exempt all the views >
I don't know django-paypal that well, but you should only exempt those which are supposed to receive POST requests from external domains (paypal) and which are secured against CSRF attacks in some other way, f.e. with a hash or something. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
