-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- added the indirect dependency
Products.Sessions
for the CSRF-su…
…pport
- Loading branch information
Showing
2 changed files
with
2 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
acc6571
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, we used PluggableAuthService without
Products.Sessions
and without any problems. (We do not use any server side sessions.)Could this dependency be moved to an extra in setup.py?
acc6571
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All ZMI form targets that use the
csrf_only
decorator will fail without some working session support. That's a terrible user experience who installs the package and tries to use the ZMI views for the standard plugins, and many just won't work without any clue why. From a non-expert standpoint the software looks just broken.We can't predict if a user already had some other session package installed so that
REQUEST.SESSION
is there. RequiringProducts.Sessions
is one solution, there could be others. Most other session packages, if they are in use, will already requireProducts.Sessions
themselves, so it's not a big imposition.acc6571
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dataflake Okay, you convinced me: the default installation should just work.