Stronger wording for CSRF protection in `modifying upload handlers on the fly`
|Reported by:|tomchristie|Owned by:|tomchristie|
|Cc:| |Triage Stage:|Ready for checkin|
|Has patch:|yes|Needs documentation:|no|
|Needs tests:|no|Patch needs improvement:|no|
The text in modifying upload handlers on the fly could be more strongly worded regarding CSRF protection.
It might be better if the text "Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request." simply read "You will then need to use csrf_protect() on the function that actually processes the request."
Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer when the CSRF validation runs, rather than making a decision about if it should be run would be slightly better.
Change History (6)
comment:1 Changed 5 years ago by aaugustin
- Component changed from Uncategorized to Documentation
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
- Type changed from Uncategorized to Cleanup/optimization
Changed 5 years ago by tomchristie
comment:2 Changed 5 years ago by tomchristie
- Has patch set
- Owner changed from nobody to tomchristie
- Status changed from new to assigned
comment:4 Changed 5 years ago by timo
- Resolution set to fixed
- Status changed from assigned to closed