id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 15501,CSRF middleware does not handle REST api application correctly,Kristoffer Snabb,nobody,"The CSRF middleware does not work if the application is a strict RESTful api that returns JSON with GET requests and adds information with POST requests. This problem came with the upgrade to Django version 1.2.5 A solution would be to add 'application/json' and 'application/javascript' to the types that should return a response with a csrtoken cookie. ----> This is in the current csrf middleware: _HTML_TYPES = ('text/html', 'application/xhtml+xml') http://code.djangoproject.com/browser/django/trunk/django/middleware/csrf.py?rev=15623 I did not find any good workarounds or other documentation about this so I report it here.",,closed,HTTP handling,1.2,,wontfix,,,Unreviewed,0,0,0,0,0,0