mirror of https://github.com/django/django.git
Fixed #14182 - documented how to modify upload handlers when using CsrfViewMiddleware
Thanks to dc for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13960 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
e2f55fbde6
commit
89ea98ca56
|
@ -270,6 +270,30 @@ list::
|
|||
Thus, you should always modify uploading handlers as early in your view as
|
||||
possible.
|
||||
|
||||
Also, ``request.POST`` is accessed by
|
||||
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
|
||||
default. This means you will probably need to use
|
||||
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
|
||||
to change the upload handlers. Assuming you do need CSRF protection, you
|
||||
will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
|
||||
the function that actually processes the request. Note that this means that
|
||||
the handlers may start receiving the file upload before the CSRF checks have
|
||||
been done. Example code:
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
from django.views.decorators.csrf import csrf_exempt, csrf_protect
|
||||
|
||||
@csrf_exempt
|
||||
def upload_file_view(request):
|
||||
request.upload_handlers.insert(0, ProgressBarUploadHandler())
|
||||
return _upload_file_view(request)
|
||||
|
||||
@csrf_protect
|
||||
def _upload_file_view(request):
|
||||
... # Process request
|
||||
|
||||
|
||||
Writing custom upload handlers
|
||||
------------------------------
|
||||
|
||||
|
|
Loading…
Reference in New Issue