#26165 closed Cleanup/optimization (fixed)
Add an FAQ that explains why Django's CSRF isn't vulnerable
Reported by: | Tim Graham | Owned by: | Vivek Unnikrishnan |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Florian Apolloner, zachborboa@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
It's a common invalid report to the security mailing list.
There are some public threads like https://groups.google.com/d/topic/django-developers/zpqGUyAdjH8/discussion but it would nice to be have a canonical answer to point to.
Change History (8)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
comment:3 by , 9 years ago
Has patch: | set |
---|---|
Triage Stage: | Ready for checkin → Accepted |
Please don't mark your own ticket as "Ready for checkin" -- see the triaging guidelines.
I created a pull request from your branch..
comment:4 by , 9 years ago
Patch needs improvement: | set |
---|
comment:5 by , 9 years ago
Patch needs improvement: | unset |
---|
comment:6 by , 9 years ago
Cc: | added |
---|
Note:
See TracTickets
for help on using tickets.
FAQ has been made. Branch ticket_26165 on fork acemaster Link here: https://github.com/acemaster/django/tree/ticket_26165