id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15501	CSRF middleware does not handle REST api application correctly	Kristoffer Snabb	nobody	"The CSRF middleware does not work if the application is a strict RESTful api that returns JSON with GET requests and adds information with POST requests. This problem came with the upgrade to Django version 1.2.5

A solution would be to add 'application/json' and 'application/javascript' to the types that should return a response with a csrtoken cookie.

---->

This is in the current csrf middleware:

_HTML_TYPES = ('text/html', 'application/xhtml+xml')

http://code.djangoproject.com/browser/django/trunk/django/middleware/csrf.py?rev=15623

I did not find any good workarounds or other documentation about this so I report it here."		closed	HTTP handling	1.2		wontfix			Unreviewed	0	0	0	0	0	0