Archives Dec. 13, 2013
Django CSRF explicitly doesn't trust HTTP when submitting to HTTPS
Written by
on
in
Snaking.
I managed to introduce a wonderful little bug in the Django blog site here. I wanted all contributors (those making comments and myself) to use HTTPS, but I didn't want to rewrite the templates for the Zinnia blog entries, so I just naively redirected the comments form to the HTTPS site. CSRF protection in Django explicitly does ...
Previous day
Next day
Archives
Mike C. Fletcher, the VRPlumber, is a philosopher of design turned computer programmer based in Toronto, Canada. He works primarily in the Python programming language, and maintains a large number of Open Source software packages. You can reach him at: mcfletch@vrplumber.com.