Closed Bug 651634 Opened 13 years ago Closed 13 years ago

Use django-session-csrf

Categories

(support.mozilla.org :: General, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jsocol, Assigned: rrosario)

See bug 649520. This is to start using it on SUMO.
Assignee: nobody → rrosario
Depends on: 652204
Landed on Master:
https://github.com/jsocol/kitsune/commit/bf4e3d0965fdfb743e50ee2fd6fcf7fb45259fb8

Not testable until bug 652957 is resolved.

QA Test suggestions:
* Anonymous form POSTs (make sure none of these returns a 403/Access denied):
** login
** register
** password reset
** resend confirmation email
** AAQ process (as anonymous)
** article vote
** question "I have this problem too" + subscribe to updates after
** answer helpful/not helpful vote
** question "get email updates"
* Logged in form POSTs
** The normal smoke tests would be good (for example: post threads, questions, etc.). They will likely all work or none at all.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security