Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-23 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Ready for checkin
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"6837bd68a44ee8676a522bfe6121bd3e82cea677" 6837bd68]:
 {{{
 #!CommitTicketReference repository=""
 revision="6837bd68a44ee8676a522bfe6121bd3e82cea677"
 Refs #32817 -- Added post_token/meta_token/token_header arguments to
 _get_POST_csrf_cookie_request().
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.6b31a37571e68f84c054b43f2210e4d6%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-23 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Ready for checkin
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"1a284afb07ad8806b29044a8cdd0d0bb20165fa4" 1a284afb]:
 {{{
 #!CommitTicketReference repository=""
 revision="1a284afb07ad8806b29044a8cdd0d0bb20165fa4"
 Refs #32817 -- Added tests for bad CSRF token provided via X-CSRFToken or
 custom header.
 }}}

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.f59d9c94fa824ccbddce79b38e04b403%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-23 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  closed
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:  fixed
     Keywords:                        |             Triage Stage:  Ready for checkin
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"fcb75651f9b8c2f76ec037f1a68a0e5c99263d8c" fcb7565]:
 {{{
 #!CommitTicketReference repository=""
 revision="fcb75651f9b8c2f76ec037f1a68a0e5c99263d8c"
 Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token
 error messages.
 }}}

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.27381ed46b38892c558186241d1e5ea5%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-23 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Ready for checkin
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by Mariusz Felisiak):

 In [changeset:"999402f1428870cf9f078940880c8646174bb909" 999402f]:
 {{{
 #!CommitTicketReference repository=""
 revision="999402f1428870cf9f078940880c8646174bb909"
 Refs #32817 -- Combined the bad-or-missing CSRF token tests.
 }}}

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.8c53f8fd8f3b7cdd8e78b75f2e902b68%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-22 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Ready for checkin
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

 * stage:  Accepted => Ready for checkin


To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.63118d94e8c2e8ab9e7bf7a00070da30%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-11 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Chris Jerdonek):

 * has_patch:  0 => 1


Comment:

 PR: https://github.com/django/django/pull/14518

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.e0d98d25e6e953f84c65018e9217b19a%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-07 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  Chris Jerdonek
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Chris Jerdonek):

 * owner:  nobody => Chris Jerdonek
 * status:  new => assigned


To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.06927dd1901d52fc33fe9c6edc59bd6c%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-07 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  nobody
         Type:  Cleanup/optimization  |                   Status:  new
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

 * stage:  Unreviewed => Accepted


To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.2bc582295d8bd5b3c0dd00e6d8976e22%40djangoproject.com.


Re: [Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-04 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
--------------------------------------+--------------------------------------
     Reporter:  Chris Jerdonek        |                    Owner:  nobody
         Type:  Cleanup/optimization  |                   Status:  new
    Component:  CSRF                  |                  Version:  dev
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Unreviewed
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Description changed by Chris Jerdonek:

Old description:

> Currently, if `CsrfViewMiddleware` encounters a bad CSRF token, it will
> reject the request with a message like--
>
> * "CSRF token incorrect"
> * "CSRF token has incorrect length"
>
> I noticed that it would be relatively easy to include in these messages
> whether the token was obtained from `POST` data or a custom header, which
> would be useful for troubleshooting. The new messages could look e.g.
> like--
>
> * "CSRF token (from POST) incorrect"
> * "CSRF token (from 'X-CSRFToken' header) has incorrect length"
>
> The changes to `CsrfViewMiddlewareTestMixin` proposed in #32800 would
> make these cases easy to test.

New description:

 Currently, if `CsrfViewMiddleware` encounters a bad CSRF token, it will
 reject the request with a message like--

 * "CSRF token incorrect"
 * "CSRF token has incorrect length"

 I noticed that it would be relatively easy to include in these messages
 whether the token was obtained from `POST` data or a custom header, which
 would be useful for troubleshooting. The messages are specified
 [https://github.com/django/django/blob/213850b4b9641bdcb714172999725ec9aa9c9e84/django/middleware/csrf.py#L411-L417 here in the code].
 The new messages could look e.g. like--

 * "CSRF token (from POST) incorrect"
 * "CSRF token (from 'X-CSRFToken' header) has incorrect length"

 The changes to `CsrfViewMiddlewareTestMixin` proposed in #32800 would make
 these cases easy to test.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.56e17f3c75f476a136d8d4d2eb218640%40djangoproject.com.


[Django] #32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from

2021-06-04 Thread Django
#32817: Include in CsrfViewMiddleware's bad CSRF token message where the token is from
------------------------------------------------+------------------------
               Reporter:  Chris Jerdonek        |          Owner:  nobody
                   Type:  Cleanup/optimization  |         Status:  new
              Component:  CSRF                  |        Version:  dev
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
------------------------------------------------+------------------------
 Currently, if `CsrfViewMiddleware` encounters a bad CSRF token, it will
 reject the request with a message like--

 * "CSRF token incorrect"
 * "CSRF token has incorrect length"

 I noticed that it would be relatively easy to include in these messages
 whether the token was obtained from `POST` data or a custom header, which
 would be useful for troubleshooting. The new messages could look e.g.
 like--

 * "CSRF token (from POST) incorrect"
 * "CSRF token (from 'X-CSRFToken' header) has incorrect length"

 The changes to `CsrfViewMiddlewareTestMixin` proposed in #32800 would make
 these cases easy to test.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/052.548d644e51de4adac0165bb5066cebf3%40djangoproject.com.
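
An added example, not code from the ticket or from Django: a simplified Python model of the token check, using the message wording proposed in the ticket description above. It shows why the source label helps: the form field is read before the header, so a stale form field is rejected even when the header token is valid. The function names and the "CSRF token missing" wording are assumptions of this example.

```python
import secrets
import string

# Constants mirror Django's defaults; the functions below are a simplified model.
CHARS = string.ascii_letters + string.digits
SECRET_LEN = 32
TOKEN_LEN = 2 * SECRET_LEN          # mask + masked secret
HEADER_KEY = "HTTP_X_CSRFTOKEN"     # default CSRF_HEADER_NAME setting


def mask(secret):
    """Return a fresh per-response token: random mask + secret shifted by it."""
    m = "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))
    shifted = (CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
               for s, k in zip(secret, m))
    return m + "".join(shifted)


def unmask(token):
    """Recover the secret from a token of valid length and alphabet."""
    m, body = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[CHARS.index(c) - CHARS.index(k)] for c, k in zip(body, m))


def rejection_reason(secret, post, meta):
    """Return None if the request token matches, else a reason naming its source."""
    # POST data wins; the header is consulted only when the form field is empty.
    token, source = post.get("csrfmiddlewaretoken", ""), "POST"
    if token == "":
        token, source = meta.get(HEADER_KEY, ""), "'X-CSRFToken' header"
    if token == "":
        return "CSRF token missing"  # wording assumed for this model
    if len(token) != TOKEN_LEN:
        return f"CSRF token (from {source}) has incorrect length"
    if set(token) - set(CHARS) or not secrets.compare_digest(unmask(token), secret):
        return f"CSRF token (from {source}) incorrect"
    return None


def demo():
    """Constructed requests: a stale form field hides a valid header token."""
    secret = "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))
    good, stale = mask(secret), mask("A" * SECRET_LEN)
    return [
        rejection_reason(secret, {}, {HEADER_KEY: good}),
        rejection_reason(secret, {"csrfmiddlewaretoken": stale}, {HEADER_KEY: good}),
        rejection_reason(secret, {}, {HEADER_KEY: good[:-1]}),
    ]
```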