Moved contrib.csrf.* to core code.

There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-11-07 07:15:35 +00:00 · 2009-10-27 00:36:34 +00:00
parent 8e70cef9b6
commit 7230a995ce
26 changed files with 394 additions and 355 deletions
--- a/django/core/context_processors.py
+++ b/django/core/context_processors.py
@@ -8,6 +8,7 @@ RequestContext.
 """

 from django.conf import settings
+from django.middleware.csrf import get_token
 from django.utils.functional import lazy, memoize, SimpleLazyObject

 def auth(request):
@@ -40,6 +41,24 @@ def auth(request):
        'perms':  lazy(lambda: PermWrapper(get_user()), PermWrapper)(),
    }

+def csrf(request):
+    """
+    Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
+    it has not been provided by either a view decorator or the middleware
+    """
+    def _get_val():
+        token = get_token(request)
+        if token is None:
+            # In order to be able to provide debugging info in the
+            # case of misconfiguration, we use a sentinel value
+            # instead of returning an empty dict.
+            return 'NOTPROVIDED'
+        else:
+            return token
+    _get_val = lazy(_get_val, str)
+
+    return {'csrf_token': _get_val() }
+
 def debug(request):
    "Returns context variables helpful for debugging."
    context_extras = {}