Changes between Version 1 and Version 2 of CsrfProtection
- Timestamp:
- May 11, 2009, 10:37:02 AM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CsrfProtection
v1 v2 117 117 CSRF protection should be done by the following method: 118 118 119 * Session independent nonce 119 * Session independent nonce (with backwards compatibility for the Django 1.0 token to avoid upgrade bumps) 120 120 * Additionally, strict Referer header checking for HTTPS only 121 121 * Template tag for inserting the CRSF token (with a backwards compatible !CsrfResponseMiddleware which can be used at the same time as the template tag, to allow people to upgrade without upgrading all their apps).