Opened 4 years ago

Last modified 5 months ago

#16859 new Cleanup/optimization

CSRF Improvements

Reported by: PaulM
Owned by: PaulM
Component: CSRF
Version: master
Severity: Normal
Keywords:
Cc: cmawebsite@…
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

This is a ticket to keep track of general CSRF improvements we want to add to Django.

This includes:

  • #16010 - add Origin checking
  • Optionally tie CSRF to sessions
  • Use signing to improve CSRF (maybe with sessions)
  • Improve domain/host checking - deal with the subdomain to subdomain problem
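As an added illustration (not code from this ticket or from Django), the sketch below shows one way the listed ideas could fit together: a CSRF token signed with HMAC and bound to a session identifier, plus an exact-match `Origin` check under which a sibling subdomain is not accepted unless explicitly trusted. All function names, the key, and the hostnames are hypothetical and constructed for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = b"constructed-demo-key"  # placeholder; a real key comes from settings
HEX = set("0123456789abcdef")


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # Nonce is fixed-length hex, so "nonce:session_id" cannot be re-split ambiguously.
    return hmac.new(key, f"{nonce}:{session_id}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str, key: bytes = SECRET_KEY) -> str:
    """Return 'nonce.mac'; the MAC covers the session id, binding token to session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def token_valid(token: str, session_id: str, key: bytes = SECRET_KEY) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, _, mac = token.partition(".")
    if len(nonce) != 32 or not set(nonce) <= HEX or not mac:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce, key).encode())


def origin_allowed(origin: str, host: str, secure: bool, trusted=()) -> bool:
    """Exact scheme+host match against the request's own origin or an allow-list."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False  # rejects "null" and malformed values
    own = f"{'https' if secure else 'http'}://{host}".lower()
    candidate = f"{parts.scheme}://{parts.netloc}".lower()
    return candidate == own or candidate in {t.lower() for t in trusted}


def check_request(headers: dict, session_id: str, token: str, secure: bool = True) -> bool:
    """If an Origin header is present it must match; the token must fit the session."""
    origin = headers.get("Origin")
    if origin is not None and not origin_allowed(origin, headers["Host"], secure):
        return False
    return token_valid(token, session_id)
```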

Change History (3)

comment:1 Changed 18 months ago by Japneet Singh

This ticket requires some cleanup and some makeover. Optional tie setup may work or may not as it has some vulnerabilities. I would like to add that we build a basic framework for these things to happen.

comment:2 Changed 7 months ago by collinanderson

  • Cc cmawebsite@… added

comment:3 Changed 5 months ago by auvipy

  • Version changed from 1.3 to master