Re: [PATCH] Fix CSRF verification on /api/varnish/purge & misc - Mailing list pgsql-www

From Magnus Hagander
Subject Re: [PATCH] Fix CSRF verification on /api/varnish/purge & misc
Date
Msg-id CABUevEx+=ymD=8WOwMKcfKBAgXX3KC6F_Lno=pZBDjo6xia_JQ@mail.gmail.com
In response to [PATCH] Fix CSRF verification on /api/varnish/purge & misc  (Marti Raudsepp <marti@juffo.org>)
Responses Re: [PATCH] Fix CSRF verification on /api/varnish/purge & misc
List pgsql-www
On Wed, Nov 7, 2012 at 10:30 PM, Marti Raudsepp <marti@juffo.org> wrote:
> Hi list,
>
> Three more patches:
>
> 0001-Update-ssl_required-decorator-to-play-nice-with-othe.patch
>
> This is the important one to make /api/varnish/purge/ work again. The
> @ssl_required decorator now cooperates with other decorators and
> retains attributes, rather than overriding them all.
>
> The other 2 decorators in util/decorators.py probably also need this
> fix, but I decided not to do it now to reduce testing effort.
>
> 0002-Fix-small-bug-in-api_varnish_purge-error-path.patch
>
> Insignificant: return HttpResponse instead of raising it in error path.
>
> 0003-CSRF-verification-failure-now-returns-HTTP-403-Forbi.patch
>
> The CSRF failure view previously returned with HTTP status 200 OK.
> That's wrong -- apps and browsers should be signaled that the request
> failed. Now returns 403 Forbidden.

Hi

They look good based on description. However, I believe you forgot to
attach the actual files.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
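
The patches are not attached to this message, so the following is an added illustration and not the pgweb code or anything posted by either author. It assumes the attribute being lost was a CSRF-exemption marker like the one Django's csrf_exempt sets; ssl_required_lossy, ssl_required_preserving, dispatch, purge and API_POST are hypothetical names.

```python
import functools

def csrf_exempt(view):
    """Stand-in for Django's csrf_exempt: it marks the view with an attribute."""
    view.csrf_exempt = True
    return view

def ssl_required_lossy(view):
    """Hypothetical 'before': a bare wrapper that drops the inner view's attributes."""
    def wrapper(request):
        return view(request)
    wrapper.ssl_required = True
    return wrapper

def ssl_required_preserving(view):
    """Hypothetical 'after': functools.wraps copies __name__, __doc__ and __dict__."""
    @functools.wraps(view)
    def wrapper(request):
        return view(request)
    wrapper.ssl_required = True
    return wrapper

def dispatch(view, request):
    """Simplified CSRF middleware: returns the HTTP status for a request."""
    if getattr(view, "csrf_exempt", False):
        return view(request)
    if request["method"] == "POST" and not request["csrf_ok"]:
        return 403  # failed verification is reported as Forbidden, not 200
    return view(request)

def purge(request):
    return 200  # constructed endpoint: pretend the purge succeeded

# Constructed request: a machine-to-machine POST that carries no CSRF token.
API_POST = {"method": "POST", "csrf_ok": False}

def demo():
    lossy = ssl_required_lossy(csrf_exempt(purge))
    kept = ssl_required_preserving(csrf_exempt(purge))
    return {
        "lossy": (hasattr(lossy, "csrf_exempt"), dispatch(lossy, API_POST)),
        "kept": (hasattr(kept, "csrf_exempt"), dispatch(kept, API_POST)),
    }

if __name__ == "__main__":
    print(demo())
```

The check only ever sees the outermost callable, so any decorator stacked above a marker-setting one has to carry the marker forward.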


