diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index 33126999c8..52ef57370d 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -3,7 +3,7 @@ from django import http, template
 from django.contrib.admin import ModelAdmin
 from django.contrib.admin import actions
 from django.contrib.auth import authenticate, login
-from django.views.decorators.csrf import csrf_protect, csrf_response_exempt
+from django.views.decorators.csrf import csrf_protect
 from django.db.models.base import ModelBase
 from django.core.exceptions import ImproperlyConfigured
 from django.core.urlresolvers import reverse
@@ -189,7 +189,7 @@ class AdminSite(object):
             inner = never_cache(inner)
         # We add csrf_protect here so this function can be used as a utility
         # function for any view, without having to repeat 'csrf_protect'.
-        inner = csrf_response_exempt(csrf_protect(inner))
+        inner = csrf_protect(inner)
         return update_wrapper(inner, view)
 
     def get_urls(self):
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 0cbe59907c..126df83676 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -178,7 +178,9 @@ Note that contrib apps, such as the admin, have been updated to use the
 customised templates to any of the view functions of contrib apps (whether
 explicitly via a keyword argument, or by overriding built-in templates),
 **you MUST update them** to include the ``csrf_token`` template tag as described
-above, or they will stop working.
+above, or they will stop working. (If you cannot update these templates for
+some reason, you will be forced to use ``CsrfResponseMiddleware`` for these
+views to continue working).
 
 Assuming you have followed the above, all views in your Django site will now
 be protected by the ``CsrfViewMiddleware``. Contrib apps meet the requirements
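Review bot: The comment above `inner = csrf_protect(inner)` should record that the wrapper is deliberately no longer marked response-exempt, so admin responses become eligible for post-processing by CsrfResponseMiddleware when a site still enables it (the csrf.txt hunk in this same commit relies on exactly that for sites that cannot update their templates). Suggested addition to the existing comment: `# csrf_response_exempt is intentionally not applied: admin responses must stay eligible for CsrfResponseMiddleware on sites that still depend on it.` Also note that `update_wrapper(inner, view)` on the following line copies the wrapped view's `__dict__` onto the protected wrapper, so a `csrf_exempt` attribute set on a ModelAdmin view would presumably propagate to the outer callable that the middleware inspects; worth confirming that interaction is the intended one and documenting it. The body of admin_view begins outside the hunk.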