id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 12933 self.admin_site.admin_view() disables @csrf_view_exempt, should have csrf_protected=True arg philomat nobody "If a use the csrf_view_exempt decorator on an admin view and expose that view in the get_urls() method using the admin_view decorator, the view will always be decorated with csrf_protect – making the exempt useless. I think admin_view should either check whether the view is alreay exempted, or have a csrf_protected=True arg similar to the cacheable arg." closed contrib.admin 1.2-beta fixed Accepted 1 0 0 0 0 0