Removing CSRF protection from subclassed django admin sites
|Reported by:||Paul Haesler||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
From Django 1.2, removing CSRF protection for a subclassed admin site is difficult and messy. (Some of my subclassed admin sites use no authentication and allow direct posting from external applications - CSRF protection is therefore inconvenient to say the least).
It would be nice if there was a clean simple way to completely turn CSRF off in sub-classed admin sites. E.g:
csrf_protection = False