Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed #9977 - CsrfMiddleware gets template tag added, session depende…
…ncy removed, and turned on by default. This is a large change to CSRF protection for Django. It includes: * removing the dependency on the session framework. * deprecating CsrfResponseMiddleware, and replacing with a core template tag. * turning on CSRF protection by default by adding CsrfViewMiddleware to the default value of MIDDLEWARE_CLASSES. * protecting all contrib apps (whatever is in settings.py) using a decorator. For existing users of the CSRF functionality, it should be a seamless update, but please note that it includes DEPRECATION of features in Django 1.1, and there are upgrade steps which are detailed in the docs. Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work on the patch, and to lots of other people including Simon Willison and Russell Keith-Magee who refined the ideas. Details of the rationale for these changes is found here: http://code.djangoproject.com/wiki/CsrfProtection As of this commit, the CSRF code is mainly in 'contrib'. The code will be moved to core in a separate commit, to make the changeset as readable as possible. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
- Loading branch information
1 parent
d1da261
commit 8e70cef
Showing
47 changed files
with
1,427 additions
and
234 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
from django.contrib.csrf.middleware import get_token | ||
from django.utils.functional import lazy | ||
|
||
def csrf(request): | ||
""" | ||
Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if | ||
it has not been provided by either a view decorator or the middleware | ||
""" | ||
def _get_val(): | ||
token = get_token(request) | ||
if token is None: | ||
# In order to be able to provide debugging info in the | ||
# case of misconfiguration, we use a sentinel value | ||
# instead of returning an empty dict. | ||
return 'NOTPROVIDED' | ||
else: | ||
return token | ||
_get_val = lazy(_get_val, str) | ||
|
||
return {'csrf_token': _get_val() } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
from django.contrib.csrf.middleware import CsrfViewMiddleware | ||
from django.utils.decorators import decorator_from_middleware | ||
|
||
csrf_protect = decorator_from_middleware(CsrfViewMiddleware) | ||
csrf_protect.__name__ = "csrf_protect" | ||
csrf_protect.__doc__ = """ | ||
This decorator adds CSRF protection in exactly the same way as | ||
CsrfViewMiddleware, but it can be used on a per view basis. Using both, or | ||
using the decorator multiple times, is harmless and efficient. | ||
""" |
Oops, something went wrong.