#510: [patch] Defend admin against CSRF attacks
-----------------------------+----------------------------------------------
Reporter: Simon Willison | Owner: adrian
Type: enhancement | Status: new
Priority: high | Milestone: Version 1.0
Component: Admin interface | Version:
Severity: major | Resolution:
Keywords: |
-----------------------------+----------------------------------------------
Comment (by lukeplant):
I was prompted by SmileyChris's addition to add a link here to the CSRF
middleware I wrote a while back. It uses a more lightweight approach that
doesn't require storing anything in the database, and works for any POST
request, not just the admin.
http://lukeplant.me.uk/resources/csrfmiddleware/
--
Ticket URL: <http://code.djangoproject.com/ticket/510>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
