Page MenuHome

Fix T76716 - ensure CSRF token in landing page
AbandonedPublic

Authored by Francesco Siddi (fsiddi) on May 26 2020, 4:08 PM.

Diff Detail

Event Timeline

To add more context: I'm aware this is not the best way handle this (should rather use ensure_csrf_token), but because the view is served via Wagtail, I could not find a way to use that decorator.

Is there a reason to have {% csrf_token %} conditional?

Is there a reason to have {% csrf_token %} conditional?

As far as I could see, this code is really needed only if the user is not authenticated.
If the user is authenticated, a valid token is usually available in the session.