mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-04 05:35:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Browse source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Timo Graham 2011-08-06 20:34:04 +00:00
parent 0350d65fa4
commit e3c89346d2
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/topics/http/file-uploads.txt
View file

@ -278,13 +278,13 @@ list::
Also, ``request.POST`` is accessed by Also, ``request.POST`` is accessed by
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
default. This means you will probably need to use default. This means you will need to use
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
to change the upload handlers. Assuming you do need CSRF protection, you to change the upload handlers. You will then need to use
will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on :func:`~django.views.decorators.csrf.csrf_protect` on the function that
the function that actually processes the request. Note that this means that actually processes the request. Note that this means that the handlers may
the handlers may start receiving the file upload before the CSRF checks have start receiving the file upload before the CSRF checks have been done.
been done. Example code: Example code:
.. code-block:: python .. code-block:: python