CSRF middleware does not handle REST api application correctly
|Reported by:||Kristoffer Snabb||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The CSRF middleware does not work if the application is a strict RESTful api that returns JSON with GET requests and adds information with POST requests. This problem came with the upgrade to Django version 1.2.5
This is in the current csrf middleware:
_HTML_TYPES = ('text/html', 'application/xhtml+xml')
I did not find any good workarounds or other documentation about this so I report it here.