git.postgresql.org Git - pgweb.git/commit

projects / pgweb.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: a64835e) | patch

author	Magnus Hagander <magnus@hagander.net>
	Mon, 5 Nov 2012 13:10:39 +0000 (14:10 +0100)
committer	Magnus Hagander <magnus@hagander.net>
	Mon, 5 Nov 2012 13:10:39 +0000 (14:10 +0100)
commit	f6fd1f2e97331cc5ae1d44c9103e20d9a8f31729
tree	489c48eb2160e753ea7b2df21f73a5b204294ce9	tree
parent	a64835ef93c3207ed8a195ea97a419efca950f4d	commit \| diff

Enable CSRF protection by default

Most of these forms look pretty benign, but the user profile form, which
includes an SSH key field, certainly needs to be protected.

The survey form is unprotected because it's served over insecure HTTP
and the Varnish proxy strips cookies, which is required by the builtin
CSRF protection.

Marti Raudsepp

pgweb/account/views.py		diff \| blob \| blame \| history
pgweb/settings.py		diff \| blob \| blame \| history
pgweb/survey/views.py		diff \| blob \| blame \| history
templates/account/userprofileform.html		diff \| blob \| blame \| history
templates/base/form.html		diff \| blob \| blame \| history
templates/core/admin_mergeorg.html		diff \| blob \| blame \| history
templates/core/admin_purge.html		diff \| blob \| blame \| history
templates/core/community.html		diff \| blob \| blame \| history

This is the code for the postgresql.org website