Commit 3e5fc7eb authored by Timo Graham's avatar Timo Graham
Browse files

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in `modifying... 

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in `modifying upload handlers on the fly`; thanks tomchristie.

Backport of r16588 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 199f10f9

docs/topics/http/file-uploads.txt

+6 −6
Original line number Diff line number Diff line
@@ -278,13 +278,13 @@ list:: 


    Also, ``request.POST`` is accessed by

    :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by

    default. This means you will probably need to use

    default. This means you will need to use

    :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you

    to change the upload handlers. Assuming you do need CSRF protection, you

    will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on

    the function that actually processes the request.  Note that this means that

    the handlers may start receiving the file upload before the CSRF checks have

    been done. Example code:

    to change the upload handlers.  You will then need to use

    :func:`~django.views.decorators.csrf.csrf_protect` on the function that

    actually processes the request.  Note that this means that the handlers may

    start receiving the file upload before the CSRF checks have been done.

    Example code:



    .. code-block:: python