caylan / Bulletin

Keep everyone in the loop.

Migrate Django to be safe against Cross Site Reference Forgery #23

Closed awdavies closed 12 years ago

awdavies commented 12 years ago

Django has some middleware that does this already, but it's a lot of boilerplate to put in.

Essentially, we want to put in a different render_to_response function that takes in a dictionary object and appends a csrf token to it (I'm not 100% sure how this works, but it seems useful). This only needs to be done for sections of code using the "POST" method, not the "GET" method.

go4ble commented 12 years ago

I can take care of this. Got it working in another project.

awdavies commented 12 years ago

Alright, but to make everyone happy, could you make it a simple extension of the render_to_response function so we don't have to worry about writing too much extra boilerplate? That'd be awesome!

go4ble commented 12 years ago

We just have to use render instead of render_to_response, and the only difference with that is you make the 'request' object that is given to the view the first argument.

awdavies commented 12 years ago

But I thought the csrf token was part of the context that you're supposed to give to the render_to_response function? It has a short description about it here.

awdavies commented 12 years ago

Never mind. Just read this. Sounds sexy.

go4ble commented 12 years ago

All I really have to do is go through and change all of the 'render_to_response(...' to 'render(request, ....', and add {% csrf %} to all of the forms in the templates.
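The migration this comment describes, as an added stand-alone model that is not code from the Bulletin project and does not import Django: a view that renders the form without the request (the render_to_response pattern) never gets a token into the template, while the render(request, ...) pattern does, and a middleware-style check then accepts only a POST whose submitted token matches the cookie. The Request class and all function names are hypothetical stand-ins for Django's own.

```python
# Added model of the migration discussed above; not Django and not the
# project's code. Names are hypothetical stand-ins for Django's HttpRequest,
# render_to_response/render and CsrfViewMiddleware.
import hmac
import secrets

TOKEN_FIELD = "csrfmiddlewaretoken"  # Django's hidden form field name


class Request:
    """Constructed stand-in for an HttpRequest: method, cookies, POST data."""
    def __init__(self, method="GET", cookies=None, post=None):
        self.method = method
        self.COOKIES = cookies if cookies is not None else {}
        self.POST = post if post is not None else {}


def csrf_token_for(request):
    """Return the session's token, minting one into the cookie if missing."""
    return request.COOKIES.setdefault("csrftoken", secrets.token_hex(16))


def form_html(token):
    """Emulate a template whose <form> contains {% csrf_token %}."""
    hidden = (f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
              if token else "")
    return f'<form method="post">{hidden}<input name="msg"></form>'


def render_to_response_style(context):
    """Old pattern: no request is passed, so the template sees no token."""
    return form_html(context.get("csrf_token"))


def render_style(request, context):
    """New pattern: the request is passed, so {% csrf_token %} has a value."""
    context = dict(context, csrf_token=csrf_token_for(request))
    return form_html(context["csrf_token"])


def csrf_check(request):
    """Middleware-style check: GET passes untouched; a POST must carry a
    token equal to the cookie, compared in constant time."""
    if request.method != "POST":
        return True
    cookie = request.COOKIES.get("csrftoken", "")
    submitted = request.POST.get(TOKEN_FIELD, "")
    return bool(cookie) and hmac.compare_digest(cookie, submitted)
```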

go4ble commented 12 years ago

Done. Should this be closed then?

awdavies commented 12 years ago

Looks good, brosef