On 12/08/2014 09:51 AM, Larry Martell wrote:
> Right, but anyone can write a script to bypass the CSRF protection. I
> was surprised that it would be so easy to do that. I guess that's not
> what CSRF was designed to protect against.
Right. There's no such thing as a CSRF attack via script. The
On Mon, Dec 8, 2014 at 11:44 AM, Carl Meyer wrote:
> Hi Larry,
>
> On 12/08/2014 07:14 AM, Larry Martell wrote:
>> On Sat, Dec 6, 2014 at 1:41 AM, James Schneider
>> wrote:
>>> Check out Collin's email from earlier, it has an example using curl but you
Hi Larry,
On 12/08/2014 07:14 AM, Larry Martell wrote:
> On Sat, Dec 6, 2014 at 1:41 AM, James Schneider
> wrote:
>> Check out Collin's email from earlier, it has an example using curl but you
>> should be able to adapt your web request with the cookie and POST values
On Sat, Dec 6, 2014 at 1:41 AM, James Schneider wrote:
> Check out Collin's email from earlier, it has an example using curl but you
> should be able to adapt your web request with the cookie and POST values via
> the python script. The cookie and POST values for the CSRF
Hallöchen!
Larry Martell writes:
> I have a django view that normally receives POSTed data from a web
> page. That all works fine. But now we also want to call that view from
> a python script. That is failing with a 403 because of a CSRF
> mismatch. I can disable CSRF on my view and then it
Hi Larry,
On 12/05/2014 09:16 PM, Larry Martell wrote:
> I have a django view that normally receives POSTed data from a web
> page. That all works fine. But now we also want to call that view from
> a python script. That is failing with a 403 because of a CSRF
> mismatch. I can disable CSRF on my
Check out Collin's email from earlier, it has an example using curl but you
should be able to adapt your web request with the cookie and POST values
via the python script. The cookie and POST values for the CSRF token can be
anything, they just need to match.
7 matches
Mail list logo