id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
12933	self.admin_site.admin_view() disables @csrf_view_exempt, should have csrf_protected=True arg	philomat	nobody	"If a use the csrf_view_exempt decorator on an admin view and expose that view in the get_urls() method using the admin_view decorator, the view will always be decorated with csrf_protect – making the exempt useless.

I think admin_view should either check whether the view is alreay exempted, or have a csrf_protected=True arg similar to the cacheable arg."		closed	contrib.admin	1.2-beta		fixed			Accepted	1	0	0	0	0	0