Fix #247: Execute lazy callables for csrf_token within the view.

mozilla / django-browserid

Django application for adding BrowserID support.

Mozilla Public License 2.0

179 stars 80 forks source link

Fix #247: Execute lazy callables for csrf_token within the view. #251

Closed Osmose closed 10 years ago

Osmose commented 10 years ago

Django’s CSRF middleware does not send a CSRF cookie if the csrf_token value, which is a lazy-evaluated value, is called. This avoids unnecessary cookies, but causes trouble if you don’t evaluate the csrf_token within your view.

CsrfToken was doing just that, as it just passed the value to HttpResponse, not evaluating csrf_token before the middleware ran and decided not to send the cookie. By unicodeing the value we force it to run and the middleware sends the cookie as expected.

Osmose commented 10 years ago

@pmclanahan r?

Osmose commented 10 years ago

Updated to work on Python 3, silly me.

willkg commented 10 years ago

This fixes it for me. r+

willkg commented 10 years ago

Where "fixes it for me" is defined as "I have this problem with richard/pyvideo right now and with this patch, the problem goes away".