csrf_exempt decorator is useless if not the top-most decorator
|Reported by:||Joshua "jag" Ginsberg <jag@…>||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
If a view has multiple decorators and @csrf_exempt is not the top-most, it does not make the view CSRF-exempt. I would expect that anywhere in the decorator chain, the effect would be the same.