id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
14156	CSRF protection in django.contrib.flatpages.views.flatpage causes unwanted behavior	Patryk Zawadzki	nobody	"If you only decorate selected views with {{{csrf_protect}}}, any non-protected POST that ends up resulting in a 404 response returns 403 Forbidden instead.

This is both unwanted and potentially puzzling to developers. Either the {{{flatpage}}} view should not be decorated (it seems incapable of altering the application's state) or the above should be documented both in the CSRF section and in the flatpages section."		closed	Contrib apps	1.2		fixed			Accepted	0	0	0	0	0	0