Status

Webtools
Elmo
RESOLVED FIXED
7 years ago
4 years ago

People

(Reporter: stas, Assigned: peterbe)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

7 years ago
Created attachment 529083 [details] [diff] [review]
WIP patch

It looks like Peter's fix wasn't cherry-picked, and we have CSRF issues again, e.g. on webby.

Attached are the changes that I made that made webby work, but Pike told me that Peter's fix was more more involved than that.
Attachment #529083 - Flags: feedback?(peterbe)
(Assignee)

Comment 1

7 years ago
Alarmingly I think I got my setup wrong as I was able to log in without the new token code. Will review my setup and the code.
(Assignee)

Comment 2

7 years ago
Besides, I think we ought to review the idea of migrating to django-session-csrf. I can have a look and upload a new patch.
(Assignee)

Comment 3

7 years ago
Created attachment 529512 [details] [diff] [review]
Fix for login, logout and updates vendor to reference django 1.3

Updates vendor index so that we track django 1.3.

Fixes both login and logout.
Attachment #529512 - Flags: review?(l10n)

Comment 4

7 years ago
Comment on attachment 529512 [details] [diff] [review]
Fix for login, logout and updates vendor to reference django 1.3

Review of attachment 529512 [details] [diff] [review]:

r=me with nits.

To make extras/csrf_migration_helper.py happy, can you append the csrf token directly after the form, and not in a new line?
Attachment #529512 - Flags: review?(l10n) → review+

Comment 5

7 years ago
Comment on attachment 529083 [details] [diff] [review]
WIP patch

We have a new patch, getting rid of the previous attachment.
Attachment #529083 - Attachment is obsolete: true
Attachment #529083 - Flags: feedback?(peterbe)
(Assignee)

Comment 6

7 years ago
Merged into origin/develop
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED

Updated

7 years ago
Target Milestone: --- → 1.2

Updated

4 years ago
Assignee: nobody → peterbe
You need to log in before you can comment on or make changes to this bug.