Opened 14 years ago
Last modified 5 years ago
#16859 closed New feature
CSRF Improvements — at Initial Version
| Reported by: | Paul McMillan | Owned by: | Paul McMillan | 
|---|---|---|---|
| Component: | CSRF | Version: | dev | 
| Severity: | Normal | Keywords: | |
| Cc: | cmawebsite@…, mail@… | Triage Stage: | Accepted | 
| Has patch: | no | Needs documentation: | no | 
| Needs tests: | no | Patch needs improvement: | no | 
| Easy pickings: | no | UI/UX: | no | 
Description
This is a ticket to keep track of general CSRF improvements we want to add to Django.
This includes:
- #16010 - add Origin checking
- Optionally tie CSRF to sessions
- Use signing to improve CSRF (maybe with sessions)
- Improve domain/host checking - deal with the subdomain to subdomain problem
 