Fixed #14182 - documented how to modify upload handlers when using CsrfViewMiddleware

Thanks to dc for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13960 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2010-09-29 16:35:34 +00:00
parent e2f55fbde6
commit 89ea98ca56
1 changed files with 24 additions and 0 deletions

View File

@ -270,6 +270,30 @@ list::
Thus, you should always modify uploading handlers as early in your view as Thus, you should always modify uploading handlers as early in your view as
possible. possible.
Also, ``request.POST`` is accessed by
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
default. This means you will probably need to use
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
to change the upload handlers. Assuming you do need CSRF protection, you
will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
the function that actually processes the request. Note that this means that
the handlers may start receiving the file upload before the CSRF checks have
been done. Example code:
.. code-block:: python
from django.views.decorators.csrf import csrf_exempt, csrf_protect
@csrf_exempt
def upload_file_view(request):
request.upload_handlers.insert(0, ProgressBarUploadHandler())
return _upload_file_view(request)
@csrf_protect
def _upload_file_view(request):
... # Process request
Writing custom upload handlers Writing custom upload handlers
------------------------------ ------------------------------