-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/15/2012 08:27 PM, Matthew Wilkes wrote:
>
>
> Tres Seaver wrote:
>> +> class=".utils.CSRFToken" + permission="zope.Public" + />
>> +
>
> Is there any reason for making the user's CSRF token available on a
> URL?
The rationale is ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/15/2012 08:51 PM, David Glick (Plone) wrote:
What alternative would you propose? Folks who want to use the ZMI in
load-balanced environments should probably be using non-default sessions
anyway.
What
platforms? It works on Mac, Linux, and
