Another protective hack would be to omit the
CSRF token when the form is read only.
Thanks -- interesting idea! Ultimate goal is for the user to be able to tell they can't edit the form via the fields being read only (which applies a different style via the CSS) but that's a really interesting additional piece to potentially throw into the mix.
-- You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/zd40PUCUmwoJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment