Feedback #24496 - Check CSRF Referer against CSRF_COOKIE_DOMAIN

2015-03-19 Thread Matt Robenolt
Ticket and patch have been submitted regarding this: https://code.djangoproject.com/ticket/24496 https://github.com/django/django/pull/4337 Since this is related to CSRF and technically weakening the strictness of the Referer check, Tim Graham suggested soliciting feedback here to get more

Re: Django urls in JavaScript

2011-03-24 Thread Matt Robenolt
Ahh, I missed that from your original post. I like that. :) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to

Re: Django urls in JavaScript

2011-03-24 Thread Matt Robenolt
It could just be a combo of both. There'd be one file for the urlresolver.js, and a patterns.js. Interesting. Now, could the patterns in Python be translated to Javascript properly? I'll do some playing around today and see if I can come up with some basics. Even if this doesn't land in Django

Re: Django urls in JavaScript

2011-03-24 Thread Matt Robenolt
I think the biggest problem with translating the reverse() lookup is the lack of kwargs and named capture groups in Javascript regex. So a pattern such as: /page/(?P\d+)/ would not translate whatsoever. Then on the Javascript side, we wouldn't be able to use: reverse('goto_page', [],

Re: Django urls in JavaScript

2011-03-24 Thread Matt Robenolt
This also poses the problem of selecting which urls are "published" in this file and which aren't. Any ideas for that? I'm sure lots of people wouldn't want their entire sitemap exposed to the public in one large js file.

Re: Django urls in JavaScript

2011-03-24 Thread Matt Robenolt
So you're basically proposing to write a Javascript library that is a translation of URLResolver, and essentially have a dynamic "Javascript" file that could be included that would contain your URL patterns? Just trying to make sure we're on the same page.

Re: Django urls in JavaScript

2011-03-23 Thread Matt Robenolt
How could this even begin to be solved without incurring another http request to resolve the url pattern? The only way I can imagine it is if we had a generic /resolve/ path that took some get parameters to return a full URL, or even have it translate to a 301 redirect, but that'll get messy with

Re: secret key from file...

2011-03-22 Thread Matt Robenolt
pattern that gets us by, but yes, things like this do show that there needs to be one overall "recommended" method for maintaining separate settings on a per server/environment basis. On Mar 22, 2011, at 7:05 PM, Ian Kelly wrote: > On Tue, Mar 22, 2011 at 4:49 PM, Matt Robenolt

Re: secret key from file...

2011-03-22 Thread Matt Robenolt
Why not just do an import for your custom settings? try: from site_settings import * except ImportError: pass On Mar 22, 2011, at 5:51 PM, Ian Kelly wrote: > On Tue, Mar 22, 2011 at 6:44 AM, Kristaps Kūlis > wrote: >> I personally would greatly

Re: secret key from file...

2011-03-21 Thread Matt Robenolt
What we use is a settings.cfg, which is an ini file for global configurations. Database settings, etc. We need to share these settings across different languages and parts of our application. You can set up your ini file as such: [secret] key=abcdefghijklmnopqrstuvwxyz0123456789 ini files