#5292: CsrfMiddleware does not protect from forged POST request with no data
-------------------------------------------------+--------------------------
Reporter: Jakub Wilk <[EMAIL PROTECTED]> | Owner: adrian
Status: new | Component:
Contrib apps
Version: SVN | Resolution:
Keywords: | Stage: Ready
for checkin
Has_patch: 1 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
-------------------------------------------------+--------------------------
Comment (by SmileyChris):
A POST request, even an empty one, could potentially be all a view was
looking for to do a delete or something.
--
Ticket URL: <http://code.djangoproject.com/ticket/5292#comment:3>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
