id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16430	Stronger wording for CSRF protection in `modifying upload handlers on the fly`	Tom Christie	Tom Christie	"The text in [https://docs.djangoproject.com/en/dev/topics/http/file-uploads/#modifying-upload-handlers-on-the-fly modifying upload handlers on the fly] could be more strongly worded regarding CSRF protection.

It might be better if the text ""Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request."" simply read ""You will then need to use csrf_protect() on the function that actually processes the request.""

Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer ''when the CSRF validation runs'', rather than making a decision about ''if it should be run'' would be slightly better."	Cleanup/optimization	closed	Documentation	1.3	Normal	fixed			Ready for checkin	1	0	0	0	0	0