From def34da85c22fecc03bf9d640c54664231a219f6 Mon Sep 17 00:00:00 2001
From: Luke Plant
Date: Thu, 4 Feb 2010 21:47:19 +0000
Subject: [PATCH] Fixed #12358 - csrf_token template tag does not work with flatpages.

Thanks to phretor for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/flatpages/views.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py
index 37d12c93a3..336600328d 100644
--- a/django/contrib/flatpages/views.py
+++ b/django/contrib/flatpages/views.py
@@ -5,9 +5,15 @@ from django.http import HttpResponse, HttpResponseRedirect
 from django.conf import settings
 from django.core.xheaders import populate_xheaders
 from django.utils.safestring import mark_safe
+from django.views.decorators.csrf import csrf_protect
 
 DEFAULT_TEMPLATE = 'flatpages/default.html'
 
+# This view is called from FlatpageFallbackMiddleware.process_response
+# when a 404 is raised, which often means CsrfViewMiddleware.process_view
+# has not been called even if CsrfViewMiddleware is installed. So we need
+# to use @csrf_protect, in case the template needs {% csrf_token %}.
+@csrf_protect
 def flatpage(request, url):
     """
     Flat page view.
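Review bot: The comment above `@csrf_protect` gives only the template-rendering reason, but the decorator also validates the token on unsafe methods. A POST that reaches `flatpage` through the fallback middleware without a valid token will therefore get the CSRF failure response instead of the page. That looks like the right outcome, but it is a behaviour change worth stating, for example by adding `# Note: this also enforces the CSRF check on POSTs that arrive via the fallback path.` to the comment. The diffstat shows only views.py changed, so no regression test covers either effect. I would add one that renders a flatpage containing `{% csrf_token %}` through `FlatpageFallbackMiddleware` and checks the token is present, and one that checks a token-less POST on that path is rejected. The body of `flatpage` continues outside the hunk, so how the response is built there is not visible here.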