Archives Dec. 13, 2013

Django CSRF explicitly doesn't trust HTTP when submitting to HTTPS

I managed to introduce a wonderful little bug in the Django blog site here. I wanted all contributors (those making comments and myself) to use HTTPS, but I didn't want to rewrite the templates for the Zinnia blog entries, so I just naively redirected the comments form to the HTTPS site. CSRF protection in Django explicitly does ...

Continue reading

Previous day

Dec. 5, 2013

Next day

Jan. 20, 2014