Re: Drop CSRF middleware from the settings template

2023-06-02 Thread Deepak Sain
Hello everyone, I am Deepak Kumar Sain, new to TensorFlow and also new to open source contributions. I am a student, and I want to start my open source contribution journey. Can anyone help me with how I can contribute and what I can contribute? I am learning DSA in C++ and Flutter currently. Thank you. On

Re: Drop CSRF middleware from the settings template

2023-05-05 Thread 'Ryan Hiebert' via Django developers (Contributions to Django itself)
I've been working on setting up a new project that's never going to see the light of production, so I went down the road of just disabling CSRF for that purpose. I notably found that the Django admin still requires CSRF, even when the middleware has been removed from the MIDDLEWARE setting. I

Re: Drop CSRF middleware from the settings template

2023-04-20 Thread Florian Apolloner
On Thursday, April 20, 2023 at 1:00:05 PM UTC+2 Jure Erznožnik wrote: OK, I'll bite: For the first issue, my problem revolved around this code: @property def POST(self): # Ensure that request.POST uses our request parsing. if not _hasattr(self, '_data'): self._load_data_and_files() if

Re: Drop CSRF middleware from the settings template

2023-04-20 Thread Jure Erznožnik
OK, I'll bite: For the first issue, my problem revolved around this code: @property def POST(self): # Ensure that request.POST uses our request parsing. if not _hasattr(self, '_data'): self._load_data_and_files() if is_form_media_type(self.content_type): return self._data return

Re: Drop CSRF middleware from the settings template

2023-04-20 Thread Florian Apolloner
Hi, On Tuesday, April 18, 2023 at 10:57:55 PM UTC+2 jure.er...@gmail.com wrote: Well, TBH, I've just completed dealing with CSRF form in my projects. I ended up exempting the particular view from CSRF because I didn't know how to get the stuff to work. The problem was that django parsed the

RE: Drop CSRF middleware from the settings template

2023-04-18 Thread jure.erznoznik
developers (Contributions to Django itself) Subject: Re: Drop CSRF middleware from the settings template In my experience, even SameSite None is not sufficient to use cookies in cross-site iframes. Safari doesn't allow those cookies to be sent unless you visit the site directly first. I've

Re: Drop CSRF middleware from the settings template

2023-04-18 Thread Stratos Moros
In my experience, even SameSite None is not sufficient to use cookies in cross-site iframes. Safari doesn't allow those cookies to be sent unless you visit the site directly first. I've heard movements for Firefox and/or Chrome having similar behavior, but I haven't been working with iframes

Re: Drop CSRF middleware from the settings template

2023-04-18 Thread 'Ryan Hiebert' via Django developers (Contributions to Django itself)
On Tuesday, April 18, 2023 at 8:34:14 AM UTC-5 Stratos Moros wrote: [...] In my experience there are legitimate cases for setting SameSite=None, especially concerning iframes. Specifically, when developing a web app intended to be embedded as an iframe by a different top-level origin, you

Re: Drop CSRF middleware from the settings template

2023-04-18 Thread Jacob Rief
In such cases, you really do need Django's current CSRF protection. Personally I wouldn't mind it being off by default, since SameSite=Lax seems to be enough for most cases, but this could be a footgun for some people. This could be handled by the configuration checker, which runs after

Re: Drop CSRF middleware from the settings template

2023-04-18 Thread Stratos Moros
Hello Everyone, Looks like lax will do the trick, but it's not like there aren't legit cases for same-site policy to be set to something less restrictive. I agree. In my experience there are legitimate cases for setting SameSite=None, especially concerning iframes. Specifically, when

Re: Drop CSRF middleware from the settings template

2023-04-17 Thread Jure Erznožnik
https://security.stackexchange.com/questions/262245/are-csrf-attacks-a-thing-of-the-past Looks like lax will do the trick, but it's not like there aren't legit cases for same-site policy to be set to something less restrictive. LP, Jure On 17. 04. 23 09:24, Jacob Rief wrote: On Monday,

Re: Drop CSRF middleware from the settings template

2023-04-17 Thread Jacob Rief
On Monday, April 17, 2023 at 8:45:16 AM UTC+2 Curtis Maloney wrote: Are you implying that all CSRF attacks protected by Django's current machinery are entirely mitigated by SameSite=Lax on the _session_ cookie? Yes. Therefore imho, the CSRF protection is just some nasty legacy, developers

Re: Drop CSRF middleware from the settings template

2023-04-17 Thread Curtis Maloney
On Mon, 17 Apr 2023, at 04:25, 'Ryan Hiebert' via Django developers (Contributions to Django itself) wrote: > I've recently been working with other new frameworks, particularly Remix. > Coming from Django, which has had excellent CSRF for many years, one of my > first questions was how to

Re: Drop CSRF middleware from the settings template

2023-04-17 Thread Jacob Rief
Actually, I attempted to forge POST requests on Django with disabled CSRF protection – and failed. Maybe I wasn't creative enough, but modern browsers do indeed have a good protection against this attack vector. I therefore welcome this proposal, unless someone can show how to bypass this