#28699: REMOTE_USER issues with CSRF
-------------------------------------+-------------------------------------
Reporter: stephanm | Owner: Colton
| Hicks
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: remote user | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson <carlton@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"f283ffaa84ef0a558eb466b8fc3fae7e6fbb547c" f283ffa]:
{{{
#!CommitTicketReference repository=""
revision="f283ffaa84ef0a558eb466b8fc3fae7e6fbb547c"
Fixed #28699 -- Fixed CSRF validation with remote user middleware.
Ensured process_view() always accesses the CSRF token from the session
or cookie, rather than the request, as rotate_token() may have been called
by an authentication middleware during the process_request() phase.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28699#comment:30>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.879890148d6c1116d11a2da62d073833%40djangoproject.com.
