Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Florian Apolloner
Hi, this is certainly a bug in your code or deployment via mod_wsgi (eg the two projects are in the same python process). Cheers, Florian -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe f

Re: CSRF_COOKIE_HTTPONLY is misleading and not useful

2015-04-19 Thread Marc Tamlyn
I'm not a security expert, but one thing I could suggest is that this setting does mean that only javascript on a page with a POST form can access the CSRF token. Depending on the nature of your site, this could be a significant proportion of pages. On 17 April 2015 at 21:22, Gavin Wahl wrote: >

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Collin Anderson
Ahh, yes, that sounds like the warning box here: https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/modwsgi/#basic-configuration On Sunday, 19 April 2015 03:03:44 UTC-4, Florian Apolloner wrote: > > Hi, > > this is certainly a bug in your code or deployment via mod_wsgi (eg the > two p

Re: CSRF_COOKIE_HTTPONLY is misleading and not useful

2015-04-19 Thread Collin Anderson
Though it could still ajax-in the token from a page that does have it, right? On Sunday, April 19, 2015 at 3:42:14 AM UTC-4, Marc Tamlyn wrote: > > I'm not a security expert, but one thing I could suggest is that this > setting does mean that only javascript on a page with a POST form can > acc

Request for help: building a docker/vagrant platform for running Django's test suite

2015-04-19 Thread Kevin Glavin
Hi Tim, I have been using Docker, Vagrant, and Jenkins for a while now independently. Would love to help out with this effort. Feel free to reach out to me privately if you'd like to continue the discussion.

Re: CSRF_COOKIE_HTTPONLY is misleading and not useful

2015-04-19 Thread Michał Zieliński
JavaScript on page without a POST form can load a page with a POST form in iframe (or open in a new window) and access CSRF token inside it.

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Joe
@Collin, this is not the case. As you can see I have 2 different WSGI files. The contents of them are:

    #site1_wsgi.py
    import os
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "site1_settings")
    from django.core.wsgi import get_wsgi_application
    application = get_wsgi_application()

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Joe
@Florian What do you mean the projects are in the same python process? This is a standard implementation of the sites framework above, which leads me to believe there is a bug in django 1.7 On Sunday, April 19, 2015 at 12:03:44 AM UTC-7, Florian Apolloner wrote: > > Hi, > > this is certainly

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Florian Apolloner
On Sunday, April 19, 2015 at 10:32:47 PM UTC+2, Joe wrote:
> @Florian What do you mean the projects are in the same python process?

Let me phrase it differently, does it also happen if you run every project manually using runserver? If no, then this is a configuration bug, please see the

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Collin Anderson
Try it without setdefault or use daemon mode :) The "standard" configuration has this exact problem, which there's a warning in the docs and why daemon mode is recommended. On Sunday, April 19, 2015, Joe wrote: > @Florian What do you mean the projects are in the same python process? > > This is

Re: django site framework bug, site name swaps back and forth each request

2015-04-19 Thread Collin Anderson
(Multiple config files doesn't mean multiple processes. Daemon mode is the only way to get a separate process per site.) On Sunday, April 19, 2015, Joe wrote: > @Florian What do you mean the projects are in the same python process? > > This is a standard implementation of the sites framework abo

Re: User.username max_length 254

2015-04-19 Thread Collin Anderson
Hi All, I'm pretty busy right now and don't currently have the time and motivation to finish this username max_length 254 change. If anyone wants to finish it up, the PR is nearly complete; it just needs better instructions on how to keep the limit at 30 characters for anyone who doesn't want t

Re: CSRF_COOKIE_HTTPONLY is misleading and not useful

2015-04-19 Thread Gavin Wahl
> Though it could still ajax-in the token from a page that does have it, right?

Exactly right.