CSRF - next step?

Sat, 26 Sep 2009 11:29:23 -0700 

Hi all,

I just want to know what the status is before committing the CSRF 
stuff:

 * Jacob am I waiting for a thumbs up? I think you said you were going  
   to try out the code.
 * Simon am I waiting for your patch?

If I'm not waiting for either, my plan would be:
 * Commit what I've got pretty much as is.
 * Then move it all from contrib to core
   * Question: where should the docs (currently ref/contrib/csrf.txt) 
     be moved to?  ref/csrf.txt seems like a sensible place, but I
     don't know.
 * Then add a render_to_response_with_request shortcut (once we 
   can decide on a colour...) and adjust the tutorials.
 
Simon:
 * I could wait for you to write your csrf_protect_form code before 
   doing any of this, merge it and then do the above.
 * You could write it against my lp-csrf_rework branch (which is not
   going to change substantially), and I can move your patch
   over to core (or you could move it).
 * You could wait 'til I'm done so that we don't have to worry about
   the fact that everything is going to move.

Personally, I think your patch would be better going in separately, as 
it is additional functionality that is not used by default anywhere.

Also, I have written a Python script that attempts to help people find 
all the <form>s and view code that needs attention.  It has a whole 
bunch of limitations and caveats, but I think it's pretty useful 90% 
solution and automates a lot of what people would have done using grep 
etc.  Where should it go?  It's currently in 'extras/' which seems to 
be the right place.

Luke

-- 
"Smoking cures weight problems...eventually..." (Steven Wright)

Luke Plant || http://lukeplant.me.uk/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to