Hiding the welcome message fails due to CSRF protection

RESOLVED FIXED

Status

RESOLVED FIXED
8 years ago
4 years ago

People

(Reporter: walkah, Assigned: walkah)

Tracking

Details

(Assignee)

Description

8 years ago
clicking the 'hide' button on the welcome broadcast message throws a 403 (via ajax) which is ignored.

This is due to the changed CSRF handling for AJAX in 1.2.5 - http://www.djangoproject.com/weblog/2011/feb/08/security/
Ah thanks for catching that. Wanna throw a @csrf_exempt decorator on the view that handles those requests and submit a pull request? :-)
(Assignee)

Updated

8 years ago
Assignee: nobody → walkah
(Assignee)

Comment 3

8 years ago
This has been merged
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: Websites → Websites Graveyard
You need to log in before you can comment on or make changes to this bug.