Stronger wording for CSRF protection in `modifying upload handlers on the fly`
The text in modifying upload handlers on the fly could be more strongly worded regarding CSRF protection.
It might be better if the text "Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request." simply read "You will then need to use csrf_protect() on the function that actually processes the request."
Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer when the CSRF validation runs, rather than making a decision about if it should be run would be slightly better.
Change History
(6)
Component: |
Uncategorized → Documentation
|
Triage Stage: |
Unreviewed → Accepted
|
Type: |
Uncategorized → Cleanup/optimization
|
Has patch: |
set
|
Owner: |
changed from nobody to Tom Christie
|
Status: |
new → assigned
|
Triage Stage: |
Accepted → Ready for checkin
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
Looks good to me. Marking RFC.