Always render hidden CSRF token input in reusable non-crispy templates#3157
Conversation
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by |
Test results 9 files 9 suites 8m 31s ⏱️ Results for commit 713ce0f. ♻️ This comment has been updated with latest results. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3157 +/- ##
==========================================
- Coverage 60.45% 60.41% -0.04%
==========================================
Files 605 605
Lines 43745 43734 -11
Branches 48 48
==========================================
- Hits 26448 26424 -24
- Misses 17285 17298 +13
Partials 12 12 ☔ View full report in Codecov by Sentry. |
johannaengland
left a comment
There was a problem hiding this comment.
Very good, let's do this!
|
But I would like to see a changelog file for this change |
|
A more robust version of #3056
This implementation means that CSRF token will be rendered also for GET forms (not so rare form type in NAV) which is a slight redundancy. At the same time it is a worthwhile one since this change means that
_form_content.htmltemplate becomes reusable by forms that were originally non-crispy (with auto-included CSRF token). This is very handy for campus task # 45. Note that there is no (reliable) way to check whether a Django form is a POST form thats why this redundancy is needed.Also see: #3140 (comment)