-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Render CSRF token info in form content #3056
Conversation
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports |
Test results 9 files 9 suites 8m 24s ⏱️ Results for commit f0f0b1e. ♻️ This comment has been updated with latest results. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3056 +/- ##
=======================================
Coverage 60.47% 60.47%
=======================================
Files 605 605
Lines 43823 43823
Branches 48 48
=======================================
Hits 26504 26504
Misses 17307 17307
Partials 12 12 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs a changelog because if we turn TEMPLATE_DEBUG on without already having the token in context there will be a lot of exceptions.
Was on my way to add a changelog entry but then realised that this one is a pure refactor. We preserve the behaviour that crispy already provides. Or am I missing something @hmpf? |
Have you tried with crispy on and TEMPLATE_DEBUG on? If that doesn't lead to noise we're (hopefully) good. |
What do you mean by "with crispy on"? |
Try a NAV prior to the uncrispyfying code.
Should be! |
Ok, have checked. No exceptions in the browser, or in docker containers. But I guess it doesn't hurt to add a (temporary) changelog fragment. |
In order to completely match crispy's original implementation
15629a9
to
d636a61
Compare
@@ -0,0 +1 @@ | |||
Ensured that CSRF token info is preserved when refactoring crispy forms to non-crispy equivalents. This means that `flat_form.html` and `_form_content.html` templates will include CSRF token info if form method is set to `POST`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good changelog, means it will be easy to find where it has been set!
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems good, tested before and after and POST data now includes a csrfmiddlewaretoken
, same as crispyforms do
For #3055
This is to match the crispy forms behaviour in NAV 1:1. Ref https://github.com/django-crispy-forms/django-crispy-forms/blob/baf94397a011b3f15a9899097234caa68b86a65e/crispy_forms/templates/uni_form/whole_uni_form.html#L2 where
csrf_token
is always included inPOST
-forms since in NAV we never setdisable_csrf
toTrue
in code or context.