Ah; now that I understand the purpose of the check, it all makes sense
to me. Thanks, Paul!
-Dave
If you're using HTTPS, the CsrfViewMiddleware performs a same_origin
check on the domain.
Two questions:
1. What security issue does this prevent? (I assume some kind of MITM,
but I don't understand why it would be important for HTTPS and not for
HTTP.)
2. Because the check uses request.get_host(),
Hello,
I notice that Django's multipart form parser expects CRLF-style line
endings. Specifically,
django.http.multipartparser::parse_boundary_stream has a hardcoded
expectation of '\r\n\r\n' to end a part header.
Is this line ending mandated by RFCs, or is this hardcoding a mistake?
I ask becaus