sprin / pg-discuss

A comment system backend in Python with PostgreSQL
http://pg-discuss.sprin.io/

Admin site uses its own CSRF protection and should be exempted from CSRF extension #26

Open sprin opened 8 years ago

sprin commented 8 years ago

Admin site uses its own CSRF protection and should be exempted from CSRF extension.

Logging in to the admin when the CSRF token extension is enabled causes a CSRF check failure.
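
An added example, not pg-discuss code: one way a CSRF check can skip an admin site that validates its own tokens while still guarding every other state-changing route. The `/admin` prefix, the `X-CSRF-Token` header, the `csrf_token` cookie and all function and class names are assumptions for illustration.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def is_exempt(path, exempt_prefixes):
    """True only for the prefix itself or paths beneath it, so /administrator is not exempt."""
    for prefix in exempt_prefixes:
        base = prefix.rstrip("/")
        if path == base or path.startswith(base + "/"):
            return True
    return False


class CsrfMiddleware:
    """Hypothetical double-submit check: header token must equal cookie token."""

    def __init__(self, app, exempt_prefixes=("/admin",)):
        self.app = app
        self.exempt_prefixes = exempt_prefixes

    def __call__(self, environ, start_response):
        method = environ["REQUEST_METHOD"]
        path = environ.get("PATH_INFO", "")
        if method not in SAFE_METHODS and not is_exempt(path, self.exempt_prefixes):
            if not self._token_ok(environ):
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"CSRF check failed"]
        return self.app(environ, start_response)  # exempt paths rely on their own check

    @staticmethod
    def _token_ok(environ):
        header = environ.get("HTTP_X_CSRF_TOKEN", "")
        pairs = (p.strip().split("=", 1) for p in environ.get("HTTP_COOKIE", "").split(";") if "=" in p)
        cookie = dict(pairs).get("csrf_token", "")
        return bool(cookie) and hmac.compare_digest(header.encode(), cookie.encode())


def status_for(method, path, **headers):
    """Run one constructed request through the middleware and return the status line."""
    seen = []

    def inner_app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, **headers}
    CsrfMiddleware(inner_app)(environ, lambda status, hdrs: seen.append(status))
    return seen[0]
```

The exemption is only safe while the exempted prefix really does enforce its own CSRF validation; matching on a path boundary keeps look-alike routes such as `/administrator` under the general check.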