[PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default - Mailing list pgsql-www

From Marti Raudsepp
Subject [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default
Date
Msg-id CABRT9RCR=ZmFcVEoSyGRtPNPNP1W+6esp3RwXqipWGU23oJjYg@mail.gmail.com
Responses Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default  (Magnus Hagander <magnus@hagander.net>)
List pgsql-www

Hi list,

I noticed that most of the forms on the Postgres community site don't
use CSRF protection. That's bad -- CSRF should be on by default.

I went through all the views that handle POST data and didn't find any
that should handle input from cross-domain requests. But CSRF
exceptions, if any, should be decorated with @csrf_exempt (from
django.views.decorators.csrf).

Also available from my GitHub repo: https://github.com/intgr/pgweb

Regards,
Marti

Attachment
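
The review described in the message above (confirm the middleware is on, then find every POST-handling view and any `@csrf_exempt` exceptions) can be automated with a static check. This is an added example, not the attached patch and not pgweb code; the function names and the sample settings and views sources are constructed for illustration.

```python
import ast

CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"

# Constructed sample inputs; not taken from the pgweb source tree.
SAMPLE_SETTINGS = '''
MIDDLEWARE_CLASSES = (
    "django.middleware.common.CommonMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
)
'''
SAMPLE_VIEWS = '''
from django.views.decorators.csrf import csrf_exempt

def submit_form(request):
    if request.method == "POST":
        save(request)

@csrf_exempt
def webhook(request):
    payload = request.POST
'''

def csrf_middleware_enabled(settings_src):
    """True if MIDDLEWARE or MIDDLEWARE_CLASSES lists CsrfViewMiddleware."""
    for node in ast.walk(ast.parse(settings_src)):
        if not isinstance(node, ast.Assign):
            continue
        names = {t.id for t in node.targets if isinstance(t, ast.Name)}
        if names & {"MIDDLEWARE", "MIDDLEWARE_CLASSES"}:
            try:
                value = ast.literal_eval(node.value)
            except ValueError:
                continue  # setting built dynamically; cannot judge statically
            if isinstance(value, (list, tuple)) and CSRF_MW in value:
                return True
    return False

def audit_views(views_src):
    """Map each function that touches POST to 'exempt' or 'needs_middleware'."""
    report = {}
    for fn in ast.walk(ast.parse(views_src)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        if not any(getattr(n, "attr", None) == "POST" or getattr(n, "value", None) == "POST"
                   for n in ast.walk(fn)):
            continue
        decorators = {getattr(getattr(d, "func", d), "attr", None)
                      or getattr(getattr(d, "func", d), "id", None)
                      for d in fn.decorator_list}
        report[fn.name] = "exempt" if "csrf_exempt" in decorators else "needs_middleware"
    return report
```

A view reported as `needs_middleware` is only protected when `csrf_middleware_enabled` returns true for the project's settings; each `exempt` entry is an exception to review by hand.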
