#28699: REMOTE_USER issues with CSRF -------------------------------------+------------------------------------- Reporter: stephanm | Owner: Colton | Hicks Type: Bug | Status: closed Component: contrib.auth | Version: 1.11 Severity: Normal | Resolution: fixed Keywords: remote user | Triage Stage: Ready for | checkin Has patch: 1 | Needs documentation: 0 Needs tests: 1 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by Carlton Gibson <carlton@…>):
* status: assigned => closed * resolution: => fixed Comment: In [changeset:"f283ffaa84ef0a558eb466b8fc3fae7e6fbb547c" f283ffa]: {{{ #!CommitTicketReference repository="" revision="f283ffaa84ef0a558eb466b8fc3fae7e6fbb547c" Fixed #28699 -- Fixed CSRF validation with remote user middleware. Ensured process_view() always accesses the CSRF token from the session or cookie, rather than the request, as rotate_token() may have been called by an authentication middleware during the process_request() phase. }}} -- Ticket URL: <https://code.djangoproject.com/ticket/28699#comment:30> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.879890148d6c1116d11a2da62d073833%40djangoproject.com.