From b4bb5cd0a31c6e9ebc2be9dff245f506940f9159 Mon Sep 17 00:00:00 2001 From: Grzegorz Slusarek Date: Sat, 15 Nov 2014 13:54:53 +0100 Subject: [PATCH] Fixed #23585 - Corrected internal comment. Removed misleading comment and provide correct one, explaining idea behind hardcoded CSRF template context processor. --- django/template/context.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/django/template/context.py b/django/template/context.py index 76af916cb7..fa721a9f5f 100644 --- a/django/template/context.py +++ b/django/template/context.py @@ -3,9 +3,7 @@ from django.utils.module_loading import import_string # Cache of actual callables. _standard_context_processors = None -# We need the CSRF processor no matter what the user has in their settings, -# because otherwise it is a security vulnerability, and we can't afford to leave -# this to human error or failure to read migration instructions. +# Hard-coded processor for easier use of CSRF protection. _builtin_context_processors = ('django.core.context_processors.csrf',)