web/lib/django/contrib/flatpages/views.py
changeset 29 cc9b7e14412b
parent 0 0d40e90630ef
--- a/web/lib/django/contrib/flatpages/views.py	Wed May 19 17:43:59 2010 +0200
+++ b/web/lib/django/contrib/flatpages/views.py	Tue May 25 02:43:45 2010 +0200
@@ -5,9 +5,15 @@
 from django.conf import settings
 from django.core.xheaders import populate_xheaders
 from django.utils.safestring import mark_safe
+from django.views.decorators.csrf import csrf_protect
 
 DEFAULT_TEMPLATE = 'flatpages/default.html'
 
+# This view is called from FlatpageFallbackMiddleware.process_response
+# when a 404 is raised, which often means CsrfViewMiddleware.process_view
+# has not been called even if CsrfViewMiddleware is installed. So we need
+# to use @csrf_protect, in case the template needs {% csrf_token %}.
+@csrf_protect
 def flatpage(request, url):
     """
     Flat page view.
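Review bot: `@csrf_protect` wraps the whole `flatpage` view, so the CSRF check runs before the flatpage lookup on every request the fallback middleware hands to it. The added comment says this view is reached from `FlatpageFallbackMiddleware.process_response` whenever a 404 is raised, so a POST without a valid token to any unresolved URL would presumably get the CSRF 403 instead of the original 404, even when no flatpage exists there. Consider leaving `flatpage` undecorated for the lookup and any login redirect, and moving the decorator onto an inner helper that only renders the template, e.g. `@csrf_protect` on `def render_flatpage(request, f):`. The body of `flatpage` continues outside the hunk, so the exact split needs checking against the rest of the function.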