Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Marti Raudsepp <marti(at)juffo(dot)org>
Cc: pgsql-www <pgsql-www(at)postgresql(dot)org>
Subject: Re: [PATCH] Enable CsrfViewMiddleware -- make CSRF protection required by default
Date: 2012-11-07 19:39:25
Message-ID: CABUevEx-_14Euhqd5_MtrH2MDHBme+1bNG6Dw1-ywKBGdLhySg@mail.gmail.com
Lists: pgsql-www

On Wed, Nov 7, 2012 at 8:35 PM, Marti Raudsepp <marti(at)juffo(dot)org> wrote:
> On Wed, Nov 7, 2012 at 9:11 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>> "It all worked on my computer" ;)
>>
>> Really? Because the purging form doesn't work on my local machine...
>> Which does not go through varnish at any point, for example.
>
> Well I meant that half-jokingly.
>
> I don't have a complete development environment. When I navigate to
> that page, I get "ERROR: schema "pgq" does not exist".

Hmm. That was *supposed* to be handled by varnish_local.sql. But I see
now that it tries to actually look into the table that doesn't exist.
The actual form would work - it's just the listing of what's in the
queue right now that's now broken. That could just be rendered as a
completely empty listing in the case that there is no pgq installed -
that should be an easy fix.

> With that said, I can't see why these views/forms wouldn't work with
> CSRF. They're not doing cross-domain requests or anything. I will need
> to drill deeper.

Me either - it looked fine when reviewing the patch. Just not when
testing it (in production) :)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
