id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 14156,CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior,Patryk Zawadzki,nobody,"If you only decorate selected views with {{{csrf_protect}}}, any non-protected POST that ends up resulting in a 404 response returns 403 Forbidden instead. This is both unwanted and potentially puzzling to developers. Either the {{{flatpage}}} view should not be decorated (it seems incapable of altering the application's state) or the above should be documented both in the CSRF section and in the flatpages section.",,closed,Contrib apps,1.2,,fixed,,,Accepted,0,0,0,0,0,0