remove CsrfResponseMiddleware and use csrf_tokens in the templates

15 years ago · fc7237e150
3 changed files with 5 additions and 6 deletions
--- a/pyweb/mumble/templates/mumble/mumble.html
+++ b/pyweb/mumble/templates/mumble/mumble.html
@ -41,7 +41,7 @@
    <div id="mumble_registration" class="mumble-ext">
  {% if user.is_authenticated %}
      <h2>{% trans "Server registration" %}</h2>
-      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">
+      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">{% csrf_token %}
        {% if Registered %}
          {% trans "You are registered on this server" %}.<br />
        {% else %}
@ -93,7 +93,7 @@
            {% endblocktrans %}
          {% endif %}
        </p>
-        <form action="{% url mumble.views.show DBaseObject.id %}" method="post" enctype="multipart/form-data">
+        <form action="{% url mumble.views.show DBaseObject.id %}" method="post" enctype="multipart/form-data">{% csrf_token %}
          <table>
            {{ TextureForm }}
          </table>
@ -107,7 +107,7 @@
  {% if CurrentUserIsAdmin %}
    <div id="mumble_admin" class="mumble-ext">
      <h2>{% trans "Server administration" %}</h2>
-      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">
+      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">{% csrf_token %}
        <table>
          {{ AdminForm }}
        </table>
@ -164,7 +164,7 @@
      {% if CurrentUserIsAdmin or user.is_staff %}
        <fieldset>
          <legend>{% trans "Kick user" %}</legend>
-          <form action="{% url mumble.views.show DBaseObject.id %}" method="POST">
+          <form action="{% url mumble.views.show DBaseObject.id %}" method="POST">{% csrf_token %}
            <input type="hidden" name="mode"    value="kick" />
            <input type="hidden" name="session" value="{{ item.session }}" />
            <ul>
--- a/pyweb/settings.py
+++ b/pyweb/settings.py
@ -209,7 +209,6 @@ MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.middleware.csrf.CsrfResponseMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
 )
--- a/pyweb/templates/registration/login.html
+++ b/pyweb/templates/registration/login.html
@ -19,7 +19,7 @@
 <p>Username or password don't exist or are not correct. Please try again.</p>
 {% endif %}

-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 <tr><td>{{ form.username.label_tag }}</td><td>{{ form.username }}</td></tr>
 <tr><td>{{ form.password.label_tag }}</td><td>{{ form.password }}</td></tr>