Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #12358 - csrf_token template tag does not work with flatpages.

Thanks to phretor for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit def34da85c22fecc03bf9d640c54664231a219f6 1 parent 96a1009
Luke Plant spookylukey authored
Showing with 6 additions and 0 deletions.
  1. +6 −0 django/contrib/flatpages/views.py
6 django/contrib/flatpages/views.py
View
@@ -5,9 +5,15 @@
from django.conf import settings
from django.core.xheaders import populate_xheaders
from django.utils.safestring import mark_safe
+from django.views.decorators.csrf import csrf_protect
DEFAULT_TEMPLATE = 'flatpages/default.html'
+# This view is called from FlatpageFallbackMiddleware.process_response
+# when a 404 is raised, which often means CsrfViewMiddleware.process_view
+# has not been called even if CsrfViewMiddleware is installed. So we need
+# to use @csrf_protect, in case the template needs {% csrf_token %}.
+@csrf_protect
def flatpage(request, url):
"""
Flat page view.
Please sign in to comment.
Something went wrong with that request. Please try again.