CsrfViewMiddleware makes modification of the upload handlers impossible
|Reported by:||dc||Owned by:||lukeplant|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
CsrfViewMiddleware accesses request.POST and makes modification of the upload handlers on a per-request basis impossible.
Currently it's impossible to simultaneously use per-request upload handlers and csrf protection. At least this must be documented.
Steps to reproduce
Put attached upload_test.py in PYTHONPATH.
Start new default django project:
$ django-admin.py startproject project
urlpatterns = patterns('', (r'^upload/$', 'upload_test.upload_file'), )
Open browser at /upload/ and submit form.
AttributeError at /upload/
You cannot alter upload handlers after the upload has been processed.
Normal form handling in upload_file() view.
Change History (5)
Changed 5 years ago by dc
comment:1 Changed 5 years ago by lukeplant
- Needs documentation unset
- Needs tests unset
- Owner changed from nobody to lukeplant
- Patch needs improvement unset
- Status changed from new to assigned
comment:3 Changed 4 years ago by lukeplant
- Resolution set to fixed
- Status changed from assigned to closed