Skip to content
Browse files

add changelog note

  • Loading branch information...
1 parent 3070c46 commit fab8454294b6271c727a0251c78b5f55df5788bf @mcdonc mcdonc committed Jun 5, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 CHANGES.txt
@@ -29,6 +29,11 @@ Features
``initialize_myapp_db etc/development.ini a=1 b=2``.
+- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view
+ predicate now take into account the value of the HTTP header named
+ ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they
+ always did). The header is tried when the form parameter does not exist.
Bug Fixes

0 comments on commit fab8454

Please sign in to comment.
Something went wrong with that request. Please try again.