Refs #15855 -- Recommended the csrf_protect decorator rather than vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 0e03a504bf28c727283bcabbff0f4dc63feaf573 1 parent 528157c
Carl Meyer authored June 10, 2011

Showing 1 changed file with 6 additions and 5 deletions.

11  docs/ref/contrib/csrf.txt
@@ -238,15 +238,16 @@ middleware will play well with the cache middleware if it is used as instructed
238 238
 (``UpdateCacheMiddleware`` goes before all other middleware).
239 239
 
240 240
 However, if you use cache decorators on individual views, the CSRF middleware
241  
-will not yet have been able to set the Vary header.  In this case, on any views
242  
-that will require a CSRF token to be inserted you should use the
243  
-:func:`django.views.decorators.vary.vary_on_cookie` decorator first::
  241
+will not yet have been able to set the Vary header or the CSRF cookie, and the
  242
+response will be cached without either one. In this case, on any views that
  243
+will require a CSRF token to be inserted you should use the
  244
+:func:`django.views.decorators.csrf.csrf_protect` decorator first::
244 245
 
245 246
   from django.views.decorators.cache import cache_page
246  
-  from django.views.decorators.vary import vary_on_cookie
  247
+  from django.views.decorators.csrf import csrf_protect
247 248
 
248 249
   @cache_page(60 * 15)
249  
-  @vary_on_cookie
  250
+  @csrf_protect
250 251
   def my_view(request):
251 252
       # ...
252 253
 
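Review bot: "decorator first" in the last added prose line (new line 244) is ambiguous next to the example, where @csrf_protect is listed second, below @cache_page(60 * 15). Suggest stating explicitly that csrf_protect must be the inner decorator, closest to the view, so that it handles the response before cache_page stores it; a reader who takes "first" to mean "topmost" would reverse the order, and the response would again be cached without the Vary header or the CSRF cookie. It would also help to add one sentence on why the recommendation changed: the new text says both the header and the cookie are missing, but does not say that vary_on_cookie only addresses the header.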
