Changes between Version 11 and Version 12 of CsrfProtection
Timestamp: Aug 29, 2009, 2:03:41 PM (15 years ago)
CsrfProtection
v11 v12 148 148 * there are required upgrade steps for contrib apps (including the admin) to continue working. Given the fact that without CSRF protection enabled by default ticket #510 is a security bug that should not be considered closed, and the fact that the CSRF protection provided in Django 1.1 is considered inadequate (due to its performance and security problems), I think this is acceptable. 149 149 150 This proposal is implemented in the lp-csrf_rework branch in http://bitbucket.org/spookylukey/django-trunk-lukeplant/ (with patches regularly copied to #9977). It includes fixes to all the contrib apps . The only things not updated yet are the tutorials. Fixing them unfortunately isn't trivial, and since we are turning on the CSRF middleware by default, the tutorials must beo be updated somehow.150 This proposal is implemented in the lp-csrf_rework branch in http://bitbucket.org/spookylukey/django-trunk-lukeplant/ (with patches regularly copied to #9977). It includes fixes to all the contrib apps and documentation. 151 151 152 152 The docs for this branch, which contain upgrade information, are here: http://bitbucket.org/spookylukey/django-trunk-lukeplant/src/tip/docs/ref/contrib/csrf.txt
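Review bot: In the new line 150 it is unclear whether the tutorials are now covered. The old text said the tutorials were the only thing not updated and that they must be updated because the CSRF middleware is being turned on by default, while the new text only says "all the contrib apps and documentation". Suggest saying so explicitly, for example "all the contrib apps and documentation, including the tutorials", or keeping a short pending note if the tutorials are still outstanding, so readers following the upgrade steps know the documented examples work with the middleware enabled.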