Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-05-24 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 1
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

 * needs_better_patch:  0 => 1

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018fab23f503-1d6d7dab-d6a3-432f-bb22-92749b55242f-00%40eu-central-1.amazonses.com.


Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-05-22 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Ryan Hiebert):

 * needs_better_patch:  1 => 0



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-05-22 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 1
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

 * needs_better_patch:  0 => 1



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-05-20 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Ryan Hiebert):

 * needs_better_patch:  1 => 0



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-04-25 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 1
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

 * needs_better_patch:  0 => 1



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-04-07 Thread Django
#35328: Improve CSRF Origin checking messaging
-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   Ryan Hiebert
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------
Changes (by Ryan Hiebert):

 * owner:  nobody => Ryan Hiebert



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-03-29 Thread Django
#35328: Improve CSRF Origin checking messaging
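-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   nobody
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------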
Changes (by Ryan Hiebert):

 * needs_better_patch:  1 => 0



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-03-25 Thread Django
#35328: Improve CSRF Origin checking messaging
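-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   nobody
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 1
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------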
Changes (by Mariusz Felisiak):

 * needs_better_patch:  0 => 1



Re: [Django] #35328: Improve CSRF Origin checking messaging

2024-03-25 Thread Django
#35328: Improve CSRF Origin checking messaging
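-------------------------------------+-------------------------------------
Reporter:      Ryan Hiebert          | Owner:                   nobody
Type:          Cleanup/optimization  | Status:                  assigned
Component:     CSRF                  | Version:                 dev
Severity:      Normal                | Resolution:
Keywords:                            | Triage Stage:            Accepted
Has patch:     1                     | Needs documentation:     0
Needs tests:   0                     | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX:                   0
-------------------------------------+-------------------------------------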
Changes (by Natalia Bidart):

 * cc: Carlton Gibson, tim-schilling (added)
 * stage:  Unreviewed => Accepted
 * type:  New feature => Cleanup/optimization

Comment:

 Accepting following the linked Forum discussion.


[Django] #35328: Improve CSRF Origin checking messaging

2024-03-24 Thread Django
#35328: Improve CSRF Origin checking messaging
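-------------------------------------+-------------------------------------
Reporter:                Ryan Hiebert | Owner:         nobody
Type:                    New feature  | Status:        assigned
Component:               CSRF         | Version:       dev
Severity:                Normal       | Keywords:
Triage Stage:            Unreviewed   | Has patch:     1
Needs documentation:     0            | Needs tests:   0
Patch needs improvement: 0            | Easy pickings: 0
UI/UX:                   0            |
-------------------------------------+-------------------------------------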
 A very common misconfiguration is for the
 `SECURE_PROXY_SSL_HEADER` setting to not be configured correctly. This
 causes the origin checks to fail, but the messaging leads folks like me to
 the `CSRF_TRUSTED_ORIGINS` setting, which is not really what you want in
 this scenario. In some cases, like GitHub Codespaces, you may also need
 the `USE_X_FORWARDED_HOST` setting as well.

 I believe we can make some common scenarios easier to fix by improving our
 error messaging. Particularly in `DEBUG` mode, we can show useful
 information about their headers and give a suggestion about what fix might
 be appropriate.

 https://forum.djangoproject.com/t/forwarded-headers-csrf-hints/28616
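
An added example (not part of the original ticket, and not Django's own code): a simplified model of how the expected origin is built from scheme and host, reproducing the two proxy misconfigurations the ticket describes. The setting names are real Django settings; the request dictionaries and the hint wording are constructed for illustration.

```python
# Simplified model of the Origin comparison (not Django's source code).
# Setting names are real Django settings; request data below is constructed.

def expected_origin(meta, settings):
    """Origin the server believes it is serving, built from scheme + host."""
    scheme = meta.get("wsgi.url_scheme", "http")
    proxy_header = settings.get("SECURE_PROXY_SSL_HEADER")
    if proxy_header:
        name, secure_value = proxy_header
        value = meta.get(name)
        if value is not None:
            # Only the first value of a comma-separated header is considered.
            first = value.split(",", 1)[0].strip()
            scheme = "https" if first == secure_value else "http"
    host = meta.get("HTTP_HOST", "")
    if settings.get("USE_X_FORWARDED_HOST") and "HTTP_X_FORWARDED_HOST" in meta:
        host = meta["HTTP_X_FORWARDED_HOST"]
    return f"{scheme}://{host}"


def diagnose(meta, settings):
    """Return (verified, hint); hint wording is hypothetical, for illustration."""
    origin = meta["HTTP_ORIGIN"]
    expected = expected_origin(meta, settings)
    if origin == expected or origin in settings.get("CSRF_TRUSTED_ORIGINS", ()):
        return True, None
    o_scheme, _, o_host = origin.partition("://")
    e_scheme, _, e_host = expected.partition("://")
    if o_host == e_host and o_scheme != e_scheme and "HTTP_X_FORWARDED_PROTO" in meta:
        return False, "scheme mismatch behind a proxy: check SECURE_PROXY_SSL_HEADER"
    forwarded_host = meta.get("HTTP_X_FORWARDED_HOST")
    if o_host == forwarded_host and not settings.get("USE_X_FORWARDED_HOST"):
        return False, "host mismatch behind a proxy: check USE_X_FORWARDED_HOST"
    return False, "origin not recognised: check CSRF_TRUSTED_ORIGINS"


# Constructed request: TLS terminates at a proxy that forwards plain HTTP.
TLS_PROXY = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "app.example.com",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_ORIGIN": "https://app.example.com",
}
# Constructed request: the proxy also rewrites Host and forwards the public name.
HOST_PROXY = dict(TLS_PROXY, HTTP_HOST="localhost:8000",
                  HTTP_X_FORWARDED_HOST="dev.example.com",
                  HTTP_ORIGIN="https://dev.example.com")
PROXY_SSL = {"SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https")}
```

Trust these headers only when the proxy sets or strips them on every request, since a forwarded header that reaches Django unfiltered carries whatever value the client sent.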