csrf_view_exempt stopped CSRF response post-processing working on 1.2
|Reported by:||André Cruz||Owned by:||Luke Plant|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I tried to upgrade from 1.1 to 1.2 but "csrf_view_exempt" stopped working and no mention of this is made in the documentation.
I have "django.contrib.csrf.middleware.CsrfMiddleware" in my middleware and have a view with the "csrf_view_exempt" decorator. I don't want the request to be checked for the CSRF token but I want the response to be processed and the token added if a form is found.
It seems that the Response CSRF Middleware no longer works if the CSRF View middleware didn't run before, since it checks for the CSRF cookie and there isn't one yet...
Change History (6)
comment:1 Changed 6 years ago by
|Patch needs improvement:||unset|
comment:3 Changed 6 years ago by
|Summary:||csrf_view_exempt stopped working on 1.2 → csrf_view_exempt stopped CSRF response post-processing working on 1.2|