Changes between Version 1 and Version 2 of CsrfProtection


Timestamp: 05/11/09 10:37:02 (6 years ago)
Author: lukeplant
Comment:

--

  • CsrfProtection

    v1 v2  
    117117CSRF protection should be done by the following method:
    118118
    119  * Session independent nonce
     119 * Session independent nonce (with backwards compatibility for the Django 1.0 token to avoid upgrade bumps)
    120120 * Additionally, strict Referer header checking for HTTPS only
    121121 * Template tag for inserting the CRSF token (with a backwards compatible !CsrfResponseMiddleware which can be used at the same time as the template tag, to allow people to upgrade without upgrading all their apps).
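Review bot: The new line 119 does not say how long, or under what condition, the Django 1.0 token is still accepted next to the session independent nonce. While both token formats are valid, a request passes if it satisfies either check, so the page should state when the compatibility path is removed (for example a named release) and whether it can be switched off by sites that have already upgraded their templates. The same applies to the backwards compatible !CsrfResponseMiddleware on line 121, which is described as usable "at the same time as the template tag" with no end point given. Separately, line 121 spells the term "CRSF"; it should read "CSRF" as on line 117.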