#26165 closed Cleanup/optimization (fixed)
Add an FAQ that explains why Django's CSRF isn't vulnerable
| Reported by: | Tim Graham | Owned by: | Vivek Unnikrishnan |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Florian Apolloner, zachborboa@… | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
It's a common invalid report to the security mailing list.
There are some public threads like https://groups.google.com/d/topic/django-developers/zpqGUyAdjH8/discussion but it would nice to be have a canonical answer to point to.
Change History (8)
comment:1 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
comment:3 by , 9 years ago
| Has patch: | set |
|---|---|
| Triage Stage: | Ready for checkin → Accepted |
Please don't mark your own ticket as "Ready for checkin" -- see the triaging guidelines.
I created a pull request from your branch..
comment:4 by , 9 years ago
| Patch needs improvement: | set |
|---|
comment:5 by , 9 years ago
| Patch needs improvement: | unset |
|---|
comment:6 by , 9 years ago
| Cc: | added |
|---|
Note:
See TracTickets
for help on using tickets.
FAQ has been made. Branch ticket_26165 on fork acemaster Link here: https://github.com/acemaster/django/tree/ticket_26165