On Tue, Oct 30, 2012 at 9:54 PM, Marti Raudsepp <marti@juffo.org> wrote:
Hi list,
I noticed that most of the forms on the Postgres community site don't use CSRF protection. That's bad -- CSRF should be on by default.
I went through all the views that handle POST data and didn't find any that should handle input from cross-domain requests. But CSRF exceptions, if any, should be decorated with @csrf_exempt (from django.views.decorators.csrf).
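An added example, not part of the original message or the site's code: a small static check for the two points above, that the CSRF middleware is enabled in settings and that every exception is an explicit `@csrf_exempt` that can be listed and reviewed. The sample settings and view sources are constructed, and the function names are hypothetical.

```python
import ast

CSRF_MIDDLEWARE = "django.middleware.csrf.CsrfViewMiddleware"

# Constructed sample inputs (not taken from the site's code base).
SAMPLE_SETTINGS = '''
MIDDLEWARE_CLASSES = (
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
)
'''
SAMPLE_VIEWS = '''
from django.views.decorators.csrf import csrf_exempt
def signup(request):
    pass
@csrf_exempt
def api_callback(request):
    pass
'''

def csrf_middleware_enabled(settings_src):
    """True if MIDDLEWARE or MIDDLEWARE_CLASSES lists the CSRF middleware."""
    for node in ast.walk(ast.parse(settings_src)):
        if isinstance(node, ast.Assign):
            names = {t.id for t in node.targets if isinstance(t, ast.Name)}
            if names & {"MIDDLEWARE", "MIDDLEWARE_CLASSES"}:
                try:
                    if CSRF_MIDDLEWARE in ast.literal_eval(node.value):
                        return True
                except (ValueError, TypeError):
                    pass  # setting built dynamically; needs manual review
    return False

def csrf_exempt_views(views_src):
    """Sorted names of functions decorated with csrf_exempt (bare or dotted)."""
    found = []
    for node in ast.walk(ast.parse(views_src)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in node.decorator_list:
            target = dec.func if isinstance(dec, ast.Call) else dec
            name = getattr(target, "attr", getattr(target, "id", None))
            if name == "csrf_exempt":
                found.append(node.name)
    return sorted(found)

if __name__ == "__main__":
    print("CSRF middleware enabled:", csrf_middleware_enabled(SAMPLE_SETTINGS))
    print("Views exempt from CSRF:", csrf_exempt_views(SAMPLE_VIEWS))
```

The check only sees literal settings and decorators applied with `@` syntax; exemptions applied in a URLconf by wrapping the view are not detected.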