Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default

From: Marti Raudsepp <marti(at)juffo(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-www <pgsql-www(at)postgresql(dot)org>
Subject: Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default
Date: 2012-11-07 19:35:33
Message-ID: CABRT9RDg=Zkq5ChxqZtBNEiqcdTnxKqL7yTGi5s+MMkzyFpEfQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-www

On Wed, Nov 7, 2012 at 9:11 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> "It all worked on my computer" ;)
>
> Really? Because the purging form doesn't work on my local machine...
> Which does not go through varnish at any point, for example.

Well I meant that half-jokingly.

I don't have a complete development environment. When I navigate to
that page, I get "ERROR: schema "pgq" does not exist".

With that said, I can't see why these views/forms wouldn't work with
CSRF. They're not doing cross-domain requests or anything. I will need
to drill deeper.

Regards,
Marti

In response to

Responses

Browse pgsql-www by date

  From Date Subject
Next Message Magnus Hagander 2012-11-07 19:39:25 Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default
Previous Message Magnus Hagander 2012-11-07 19:31:56 Re: Search points to ancient manuals