django1/django/middleware
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
__init__.py Imported Django from private SVN repository (created from r. 8825) 2005-07-13 01:25:57 +00:00
cache.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
clickjacking.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
common.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
csrf.py Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
exception.py Refs #26601 -- Refactored BaseHandler to prepare for new-style middleware. 2016-05-17 07:20:56 -04:00
gzip.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
http.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
locale.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
security.py Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00