Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#26165 closed Cleanup/optimization (fixed)

Add an FAQ that explains why Django's CSRF isn't vulnerable

Reported by: Tim Graham Owned by: Vivek Unnikrishnan
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Florian Apolloner, zachborboa@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

It's a common invalid report to the security mailing list.

There are some public threads like https://groups.google.com/d/topic/django-developers/zpqGUyAdjH8/discussion but it would be nice to have a canonical answer to point to.

Change History (8)

comment:1 by Vivek Unnikrishnan, 9 years ago

Owner: changed from nobody to Vivek Unnikrishnan
Status: new → assigned

comment:2 by Vivek Unnikrishnan, 9 years ago

Triage Stage: Accepted → Ready for checkin

FAQ has been made. Branch ticket_26165 on fork acemaster. Link here: https://github.com/acemaster/django/tree/ticket_26165

comment:3 by Tim Graham, 9 years ago

Has patch: set
Triage Stage: Ready for checkin → Accepted

Please don't mark your own ticket as "Ready for checkin" -- see the triaging guidelines.

I created a pull request from your branch.

comment:4 by Tim Graham, 9 years ago

Patch needs improvement: set

comment:5 by Tim Graham, 9 years ago

Patch needs improvement: unset

comment:6 by Zach Borboa, 9 years ago

Cc: zachborboa@… added

comment:7 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: assigned → closed

In a1b1688:

Fixed #26165 -- Added some FAQs about CSRF protection.

Thanks Florian Apolloner and Shai Berger for review.

comment:8 by Tim Graham <timograham@…>, 9 years ago

In 73d8e646:

[1.9.x] Fixed #26165 -- Added some FAQs about CSRF protection.

Thanks Florian Apolloner and Shai Berger for review.

Backport of a1b1688c7d6c1a6d307bd22669bd20f08e948f8d from master
