Django ponycheckup check up results

2016-09-17 Thread Sandeep Patil
Dear All,

I checked my Django site with a security ponycheckup at ponycheckup.com and I 
got 90%, which is good. However I am stuck at resolving the error "
Web server allows TRACE
Your web server allows the TRACE method. This is not good, as it rarely 
serves a purpose, and can be used in cross-site scripting attacks."

I tried to look around for answers and most of them had solutions for 
modifying htaccess file. Since I use AWS EB, I don't want to manually modify 
any server files (because they get overwritten and writing an EB command 
looks very hacky). Is there a Django way of resolving this issue (some 
setting in settings.py)?




-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/f990e541-6cb9-45e7-8aea-6c708ff2ac02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: Registration form submission problem

2016-09-17 Thread ludovic coues
Personally, I would look at the generated HTML for the form, to see if
anything is wrong.

https://gist.github.com/gkrnours/6461781883e6add258d6a70ea1804b0f is
how I have done a user registration view if you want to compare

2016-09-17 10:31 GMT+02:00 Timothy Steele :
> below is also the views.py file for the registration form
>
> def register_page(request):
>     if request.method=="POST":
>         form=RegistrationForm(request.POST)
>         if form.is_valid():
>             user=User.objects.create_user(
>                 username=form.clean_data['username'],
>                 password=form.clean_data['password1'],
>                 email=form.clean_data['email']
>             )
>             return HttpResponseRedirect('/')
>     else:
>         form=RegistrationForm()
>     variables=RequestContext(request,{'form':form })
>     return render_to_response(
>         'registration/register.html', variables
>     )
>
>
> On Saturday, September 17, 2016 at 9:02:52 AM UTC+1, Timothy Steele wrote:
>>
>> First I created a Login form and an error message showed as CSRF token
>> missing or incorrect.
>> I was able to work it out by adding {% csrf_token %} in the login form
>> and adding the import file in the views as from django.template import
>> Context,RequestContext.
>>
>> But when I created a registration form the same problem came and I submit
>> the form, I added the {% csrf_token %} file in the registration form but it
>> did not work.
>> The code is shown below
>>
>> {% extends "base.html" %}
>> {% block title %}User Registration{% endblock %}
>> {% block head %}User Registration{% endblock %}
>> {% block content %}
>>
>> 
>> {% csrf_token %}{{ form.as_p }}
>> 
>> 
>> {% endblock %}
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Registration form submission problem

2016-09-17 Thread Timothy Steele
below is also the views.py file for the registration form

def register_page(request):
    if request.method=="POST":
        form=RegistrationForm(request.POST)
        if form.is_valid():
            user=User.objects.create_user(
                username=form.clean_data['username'],
                password=form.clean_data['password1'],
                email=form.clean_data['email']
            )
            return HttpResponseRedirect('/')
    else:
        form=RegistrationForm()
    variables=RequestContext(request,{'form':form })
    return render_to_response(
        'registration/register.html', variables
    )


On Saturday, September 17, 2016 at 9:02:52 AM UTC+1, Timothy Steele wrote:
>
> First I created a Login form and an error message showed as *CSRF token 
> missing or incorrect.*
> I was able to work it out by adding *{% csrf_token %}* in the login form 
> and adding the import file in the views as from *django.template import 
> Context,RequestContext.*
>
> But when I created a registration form the same problem came and I submit 
> the form, I added the {% csrf_token %} file in the registration form but 
> it did not work. 
> The code is shown below
>
> {% extends "base.html" %}
> {% block title %}User Registration{% endblock %}
> {% block head %}User Registration{% endblock %}
> {% block content %}
>
> 
> {% csrf_token %}{{ form.as_p }}
> 
> 
> {% endblock %}
>
>



Re: ModelAdmin missing a couple of key features, or am I doing this wrong?

2016-09-17 Thread James Schneider
On Sep 16, 2016 1:46 AM, "Andrea D'Amore"  wrote:
>
> On 16 September 2016 at 00:53,   wrote:
> > I have a ModelAdmin subclass (code at: )
>
> Gives a 404:
>
> The requested URL /0LAt was not found on this server.
>
>
> I'm missing the rationale of using an external paste service while
> you're already using a text-based medium, the mailing list, that's
> able to accommodate what's (hopefully) a small code excerpt, in worst
> case scenario I think it'll accept an attachment as well.
>
> This also has the added bonus of getting archived and never result in
> broken links and missing content, like it's likely to happen at some
> point with external services.
>

(OT Disclaimer...not directed at this OP.)

I would [mostly] disagree.

Rationale: A majority of my responses (including this one) are written on
my phone while I'm bored and out and about, or at night during my pre-bed
email check. While the GMail app is great, I've never seen it employ any
sort of code highlighting or sane code wrapping or indentation, beyond
copying directly out of an SO post or other snippet service. Probably
because the GMail app is an email client, not an IDE. There is also no real
way to preview the effects of spacing and line wrapping on multiple
devices, screen sizes, HTML vs. plain text, Unicode handling, etc.
Basically, there's a bunch of ways a direct paste from an IDE can go
sideways in an email, with an increasing likelihood for large code chunks.
Difficult-to-read code directly in an email will deter responses. It does
for me, anyway.

For small code snippets, absolutely, paste them directly in and just make
sure your indentation is at least consistent. If you have more than a dozen
or so SLOC, though, try and reduce the provided code to the stuff that's
necessary (which will often force an OP to really evaluate what their code
is doing and aid in troubleshooting), or make use of an external service
such as dpaste.de.

Mobile devices cannot always open external files, especially those with
less common extensions such as .py. It also fills up your mailbox,
needlessly. I rarely, if ever, open the attachments sent out to this list.
Trying to keep track of the original question compared with the code in a
separate application screen on a mobile device is nearly impossible.

A majority of the code in this list doesn't need to live forever once the
OP has a proper answer. A response with a summation of the correct solution
is almost always the key piece needed when searching through the archives
or Googling, at least in my experience with this list and other forums.

With that being said, sometimes the OP may not know the exact pieces that
are needed for inspection, or there are multiple files involved, so an
attachment may be necessary. Code snippet services also lack in this area.

IMHO, you hijacked this thread to insert your preference for posts, without
offering a single bit of advice to the OP, which reflects poorly on you. I
would offer advice to the OP, but I have none because I have little
experience using the built-in admin.

I would recommend that you offer suggestions for posting guidelines to the
moderators of this list and/or the Django devs. Help move this community
forward rather than criticising those requesting assistance, especially on
a point of personal preference.

Just my personal opinion; if I'm out of line, someone please let me know.

-James



Registration form submission problem

2016-09-17 Thread Timothy Steele
First I created a Login form and an error message showed as *CSRF token 
missing or incorrect.*
I was able to work it out by adding *{% csrf_token %}* in the login form 
and adding the import file in the views as from *django.template import 
Context,RequestContext.*

But when I created a registration form the same problem came and I submit 
the form, I added the {% csrf_token %} file in the registration form but it 
did not work. 
The code is shown below

{% extends "base.html" %}
{% block title %}User Registration{% endblock %}
{% block head %}User Registration{% endblock %}
{% block content %}


{% csrf_token %}{{ form.as_p }}


{% endblock %}
