Opened 14 years ago
Closed 14 years ago
#14222 closed (invalid)
csrf_exempt decorator is useless if not the top-most decorator
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Uncategorized | Version: | 1.2 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
If a view has multiple decorators and @csrf_exempt is not the top-most, it does not make the view CSRF-exempt. I would expect that anywhere in the decorator chain, the effect would be the same.
Note:
See TracTickets
for help on using tickets.
I think this will depend on which other decorators are being used, and whether they use
functools.wraps
or not. All Django-provided decorators do usefunctools.wraps
or equivalent, as far as I know, and it is not possible to make the decorator work as expected in combination with other decorators that don't.I'm going to close as INVALID for now, as there isn't enough information to know if there is a bug in Django or not. If you can identify a Django-provided decorator which is misbehaving, please re-open. Thanks!