Comments (4)
First, thanks for the report / fixes!
The reason why we didn't do the second or third option before is that a lot of the sites using django-browserid (mainly the Mozilla ones since they're all on *.mozilla.org) also use django-session-csrf. Since django-session-csrf stores the token in the session, we can't rely on the token being in the cookie.
This first option seems doable, although the issue with multiple template engines is an annoying one. I'm not super-excited about it, but could we alter the current view to bind a dummy Template
instance before fetching the value? That way we could just generate an empty template instance from whatever the default template engine is and avoid worrying about which engine they're using.
In a semi-related note, does 1.8's swappable engines mean our current templates might be parsed by the wrong engine? I did some searching but couldn't find any useful info on how libraries specify what template engine they want to use.
from django-browserid.
After some discussion with @carljm it seems out best bet for the latter question will be to document how to add an extra template engine definition specifically for django-browserid if you're using non-DTL templates on your site.
I filed #283 for that specific issue. In the case of this issue I think a dummy template from the default template engine would be better.
from django-browserid.
Gotcha, that's what the comment at the top of the method meant :-)
OK, I've committed a change to bind to a dummy template instead of rendering it, and submitted the pull request #284. Unfortunately I have to use a try-except block for Django 1.8+, I didn't see a way that would be API-compatible with Django 1.4 to 1.8.
I tested it on my local install with Django 1.6 to 1.8, but all tests pass in tox and they include Django 1.4 too.
from django-browserid.
This was fixed by #284.
from django-browserid.
Related Issues (20)
- Document context processor removal in upgrade docs HOT 4
- csrftoken cookie not set by Django for most views HOT 4
- Impossible to override the redirect URL
- CsrfToken view should not be cached
- Use stateless Persona API HOT 1
- Updates to Goldilocks API HOT 2
- Docs for Custom User Model are a bit screwy HOT 2
- Disable autologin.js when BROWSERID_AUTOLOGIN_ENABLED = False even if it on the page. HOT 1
- Template tag browserid_logout breaks when link_class attribute is set HOT 2
- SSL certificate error HOT 3
- [Errno 32] Broken pipe on POST to /browserid/login/ and /browserid/csrf/ HOT 3
- The fancy_tag library isn't actually necessary HOT 4
- Document how to add a DTL template engine for 1.8 sites HOT 4
- Removal of /info/ endpoint causes problems for sites not using Django templating HOT 5
- Internet Explorer 11 specific error: "Relay frame could not be found " HOT 6
- Django 1.9 compatibility HOT 1
- Provide wheel package on PyPI HOT 11
- Django 1.8+ deprecation warning for urlpatterns in urls.py:28
- Verify.success_url never used with {% browserid_login %} HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-browserid.