Changes between Version 11 and Version 12 of CsrfProtection


Timestamp:
Aug 29, 2009, 2:03:41 PM (15 years ago)
Author:
Luke Plant
Comment:

--

  • CsrfProtection

    v11 v12  
    148148 * there are required upgrade steps for contrib apps (including the admin) to continue working.  Given the fact that without CSRF protection enabled by default ticket #510 is a security bug that should not be considered closed, and the fact that the CSRF protection provided in Django 1.1 is considered inadequate (due to its performance and security problems), I think this is acceptable.
    149149
    150 This proposal is implemented in the lp-csrf_rework branch in http://bitbucket.org/spookylukey/django-trunk-lukeplant/ (with patches regularly copied to #9977).  It includes fixes to all the contrib apps. The only things not updated yet are the tutorials.  Fixing them unfortunately isn't trivial, and since we are turning on the CSRF middleware by default, the tutorials must beo be updated somehow.
     150This proposal is implemented in the lp-csrf_rework branch in http://bitbucket.org/spookylukey/django-trunk-lukeplant/ (with patches regularly copied to #9977).  It includes fixes to all the contrib apps and documentation.
    151151
    152152The docs for this branch, which contain upgrade information, are here: http://bitbucket.org/spookylukey/django-trunk-lukeplant/src/tip/docs/ref/contrib/csrf.txt
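Review bot: the new line 150 replaces the caveat about the tutorials with "fixes to all the contrib apps and documentation", which does not say whether the tutorials are now covered. The removed text said the tutorials had to be updated because the CSRF middleware is being turned on by default, so a reader comparing the two versions cannot tell whether that work is done or was only dropped from the page. If the tutorials are fixed in the branch, say so explicitly, for example "fixes to all the contrib apps and the documentation, including the tutorials". If they are not, keep a short note that they are still outstanding.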