Why not remove csrfmiddlewaretoken from request.POST?

I have various views which break on the additional csrfmiddlewaretoken
in request.POST when using the recommendet CSRF protection with
CsrfViewMiddleware and {% csrf_token %}.

Why don't we just remove the csrfmiddlewaretoken before the request
hits the views?

patch on middleware/csrf.py 1.2.1 final:

11a12
> from django import http
162a164,167
>
> tmp_post = request.POST.copy()
> del tmp_post['csrfmiddlewaretoken']
> request.POST = http.QueryDict(tmp_post.urlencode())

My code seems to work and the CSRF protection is now completely
transparent to the views. Only the templates and the
MIDDLEWARE_CLASSES needs to know about it.

Regards,
Dirk

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.