id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
510,[patch] Defend admin against CSRF attacks,Simon Willison,Adrian Holovaty,"Django's admin pages are currently vulnerable to CSRF attacks, as described here: http://www.squarefree.com/securitytips/web-developers.html#CSRF All POST forms in the admin should contain a hidden field with a shared secret that can be used to confirm the origin of the form.",enhancement,closed,contrib.admin,,major,fixed,,gdub@…,Unreviewed,1,0,0,0,0,0