MozillaFoundation / mofo-devops

Mozilla Foundation DevOps Plans, Issues, Discussions

Add Frontend Caching to Foundation #802

Closed tomusher closed 3 years ago

tomusher commented 3 years ago

There is currently no cache solution in front of the Foundation and Donate sites. Investigate and implement Cloudflare for this.

Use Cloudflare Pro plan so we get the WAF.

tomusher commented 3 years ago

Related https://github.com/MozillaFoundation/mofo-devops/issues/776

tomusher commented 3 years ago

With @benhohner to create Cloudflare account.

benhohner commented 3 years ago

Ben to set up Cloudflare Business account.

benhohner commented 3 years ago

Working with Cloudflare support.

benhohner commented 3 years ago

Implementation blocked by this issue Tom brought up:

I'm looking into full caching for the foundation site - the biggest problem I'm seeing here is that we set a CSRF token on every page (in a meta tag) - that means every request wants to set a CSRF cookie, which has to be unique to each user. Are we able to:

  • Review what is using this token to determine if it's needed (i.e. is CSRF protection worth it on that request/form)
  • Limit the scope of pages that set the CSRF token cookie, so we can explicitly exclude them from caching?

Pomax commented 3 years ago

We needed CSRF for PNI product voting, but the only route we have that's protected by @csrf_protect is the old product voting route, to my knowledge. @KalobTaulien does Wagtail automatically add CSRF protection for serve handling? (The POST route for voting on new PNI does not have explicit CSRF as far as I can tell.)

KalobTaulien commented 3 years ago

@Pomax I don't recall off the top of my head, but my gut says no, since we can check for if request.POST in the serve() method directly using any type of POST request without a CSRF token. But let me double-check that before I give bad advice.
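
Added example, not part of the original thread or the Foundation's code: an audit of response headers that separates pages a shared cache could store from pages kept out only by the CSRF cookie, which is the scoping question raised above. It assumes Django's default cookie name `csrftoken`, treats any `Set-Cookie`, `Vary: Cookie`, `private` or `no-store` as blocking shared caching (a conservative policy chosen here, not Cloudflare's documented rules), and runs on constructed sample headers.

```python
CSRF_COOKIE_NAME = "csrftoken"  # Django's default CSRF_COOKIE_NAME (assumed unchanged)
CSRF_ONLY = {f"set-cookie:csrf:{CSRF_COOKIE_NAME}", "vary:cookie"}

def cache_blockers(headers):
    """Return the reasons a shared cache should not store this response.
    `headers` is a list of (name, value) pairs so repeated Set-Cookie lines survive."""
    reasons = []
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            key = value.split("=", 1)[0].strip()  # cookie name precedes the first "="
            kind = "csrf" if key == CSRF_COOKIE_NAME else "other"
            reasons.append(f"set-cookie:{kind}:{key}")
        elif lname == "vary":
            fields = {f.strip().lower() for f in value.split(",")}
            if "cookie" in fields or "*" in fields:
                reasons.append("vary:cookie")
        elif lname == "cache-control":
            directives = {d.strip().lower().split("=")[0] for d in value.split(",")}
            reasons.extend(f"cache-control:{d}" for d in ("private", "no-store") if d in directives)
    return reasons

def audit(responses):
    """Group paths: cacheable, blocked only by CSRF side effects, or blocked otherwise."""
    report = {"cacheable": [], "csrf_only": [], "other": []}
    for path, headers in responses.items():
        reasons = set(cache_blockers(headers))
        if not reasons:
            report["cacheable"].append(path)
        elif reasons <= CSRF_ONLY:
            report["csrf_only"].append(path)  # candidates for dropping the token
        else:
            report["other"].append(path)
    return report

# Constructed sample responses, not captured from the real sites.
SAMPLE = {
    "/": [("Content-Type", "text/html"), ("Vary", "Cookie"),
          ("Set-Cookie", "csrftoken=abc123; Path=/; SameSite=Lax")],
    "/about/": [("Content-Type", "text/html"), ("Vary", "Accept-Encoding")],
    "/donate/": [("Set-Cookie", "sessionid=xyz; HttpOnly; Path=/"),
                 ("Cache-Control", "private, no-store")],
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Paths reported under `csrf_only` are the ones where removing the token from the template, or excluding the path from caching, would change the outcome.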