plone / plone.protect

HTTP protection utilities for the Plone CMS
https://pypi.org/project/plone.protect/

Vangheem csrf options #1

Closed vangheem closed 11 years ago

vangheem commented 12 years ago

Added support to be able to customize the csrf tokens a bit more.

This allows someone to use csrf protection on un-authenticated views but in cases where there is some other sort of soft authentication done.

garbas commented 11 years ago

@vangheem @iElectric any more thoughts? This is a pretty old pull request. Maybe somebody else could shed some light here.

I would merge since stronger security is nice to have, plus this pull request comes with tests, which means we can be sure we don't break anything.

But the pull request needs to be updated with current master before being merged in.

vangheem commented 11 years ago

I'll just merge this and remove the referrer check just to get this taken care of finally.