mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 01:25:32 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #23585 - Corrected internal comment.

Browse Source 
Removed misleading comment and provide correct one, explaining
idea behind hardcoded CSRF template context processor.
This commit is contained in:
Grzegorz Slusarek
2014-11-15 13:54:53 +01:00
parent 4f90c99635
commit b4bb5cd0a3
1 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
django/template/context.py
View File

@@ -3,9 +3,7 @@ from django.utils.module_loading import import_string
# Cache of actual callables. # Cache of actual callables.
_standard_context_processors = None _standard_context_processors = None
# We need the CSRF processor no matter what the user has in their settings, # Hard-coded processor for easier use of CSRF protection.
# because otherwise it is a security vulnerability, and we can't afford to leave
# this to human error or failure to read migration instructions.
_builtin_context_processors = ('django.core.context_processors.csrf',) _builtin_context_processors = ('django.core.context_processors.csrf',)