Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

[1.2.X] Fixed #14182 - documented how to modify upload handlers when …

…using CsrfViewMiddleware

Thanks to dc for the report.

Backport of [13960] from trunk

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit ed1aa807e22c8c76fd7885153d23544061a2f2ee 1 parent f27d85b
@spookylukey spookylukey authored
Showing with 24 additions and 0 deletions.
  1. +24 −0 docs/topics/http/file-uploads.txt
24 docs/topics/http/file-uploads.txt
@@ -270,6 +270,30 @@ list::
Thus, you should always modify uploading handlers as early in your view as
+ Also, ``request.POST`` is accessed by
+ :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
+ default. This means you will probably need to use
+ :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
+ to change the upload handlers. Assuming you do need CSRF protection, you
+ will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
+ the function that actually processes the request. Note that this means that
+ the handlers may start receiving the file upload before the CSRF checks have
+ been done. Example code:
+ .. code-block:: python
+ from django.views.decorators.csrf import csrf_exempt, csrf_protect
+ @csrf_exempt
+ def upload_file_view(request):
+ request.upload_handlers.insert(0, ProgressBarUploadHandler())
+ return _upload_file_view(request)
+ @csrf_protect
+ def _upload_file_view(request):
+ ... # Process request
Writing custom upload handlers

0 comments on commit ed1aa80

Please sign in to comment.
Something went wrong with that request. Please try again.