Archives week 49 of 2013
Dec. 9, 2013 - Dec. 15, 2013
Django CSRF explicitly doesn't trust HTTP when submitting to HTTPS
Posted in Snaking.
I managed to introduce a wonderful little bug in the Django blog site here. I wanted all contributors (those making comments and myself) to use HTTPS, but I didn't want to rewrite the templates for the Zinnia blog entries, so I just naively redirected the comments form to the HTTPS site. CSRF protection in Django explicitly does ...