On 15/04/12 05:23, Rohan Jain wrote:
> On 22:50 +0100 / 13 Apr, Luke Plant wrote:
>> The reason for the strict referer checking under HTTPS is set out here:
>>
>> https://code.djangoproject.com/wiki/CsrfProtection
>>
>> Particularly, it is to fix the 'CSRF + MITM' attack that is possible
>> under H
Sorry to reply twice, a comment on a different part:
On 15/04/12 05:23, Rohan Jain wrote:
> On 22:50 +0100 / 13 Apr, Luke Plant wrote:
>> .. At the moment, it seems that few browsers send the
>> 'Origin' header for normal HTML requests. (Recent versions of Chrome,
>> Firefox and Opera do not, I do
There seems to be some confusion about CORS (a hairy draft spec that
is not fully implemented in any browser, and not appropriate for
inclusion in Django at this time) and the "Origin" header (aka Web
Origin, rfc6454).
http://tools.ietf.org/html/rfc6454
https://wiki.mozilla.org/Security/Origin
ht
Hi all,
I've opened ticket [1]#18116 to track this cleanup change.
This change would allow to close a handful of tickets about half-backed
compatibility with deprecated MySQL 4.x.
More specifically the commit would make Django trunk require MySQL
5.0.3 or newer. This will allow avoid a limitatio
Hey folks!
I started a wiki page to help plan a migration to GitHub:
https://code.djangoproject.com/wiki/GitHub%20Migration
I don't know what I'm doing, but I do know that the current Trac setup
(attaching patches, etc) is less accessible to non-core contributors than
GitHub and I'd love to do
Em 18 de abril de 2012 18:44, philipn escreveu:
> Hey folks!
>
> I started a wiki page to help plan a migration to GitHub:
>
> https://code.djangoproject.com/wiki/GitHub%20Migration
>
> I don't know what I'm doing, but I do know that the current Trac setup
> (attaching patches, etc) is less access
On 18/04/12 20:05, Paul McMillan wrote:
> My suggestion here is to include optional support for the Origin
> header as follows:
> - if present and null, fail the CSRF check
> - if present and not null, use in alongside the Referer header
> - if absent, keep current behavior
>
> As a general rule,
On Wed, Apr 18, 2012 at 6:46 PM, Dalton Barreto wrote:
> Em 18 de abril de 2012 18:44, philipn escreveu:
>> Hey folks!
>>
>> I started a wiki page to help plan a migration to GitHub:
>>
>> https://code.djangoproject.com/wiki/GitHub%20Migration
>>
>> I don't know what I'm doing, but I do know that
Github Issues are not flexible enough for Django.
On Wednesday, April 18, 2012 at 6:53 PM, Alex Ogier wrote:
> On Wed, Apr 18, 2012 at 6:46 PM, Dalton Barreto (mailto:daltonma...@gmail.com)> wrote:
> > Em 18 de abril de 2012 18:44, philipn > (mailto:phil...@gmail.com)> escreveu:
> > > Hey fol
Em 18 de abril de 2012 19:46, Dalton Barreto escreveu:
> Em 18 de abril de 2012 18:44, philipn escreveu:
>> Hey folks!
>>
>> I started a wiki page to help plan a migration to GitHub:
>>
>> https://code.djangoproject.com/wiki/GitHub%20Migration
>>
>> I don't know what I'm doing, but I do know that
On 19 April 2012 00:55, Donald Stufft wrote:
> Github Issues are not flexible enough for Django.
>
That's rather a vague statement. Github issues are actually more
*flexible* then Trac as you can define any set of tags for an issue.
What Django could possibly want to have is a way to create extra
On Wed, Apr 18, 2012 at 6:55 PM, Dalton Barreto wrote:
>> Maybe the best way to avoid that people create issues on github is to
>> disable it for the
>> official repository. This is possible through the Github's Admin interface.
>>
>
> Hmm, this would probably disable pull requests too
No, it doe
On Wed, Apr 18, 2012 at 11:55 PM, Dalton Barreto wrote:
> Em 18 de abril de 2012 19:46, Dalton Barreto
> escreveu:
> > Em 18 de abril de 2012 18:44, philipn escreveu:
>
> Hmm, this would probably disable pull requests too. Not a good idea,
> assuming that
> contributions will be accepted as pul
Github issues do not have the ability for anyone to close, tag, or create
milestones. You have to be the creator of the ticket or someone with
commit access. Django's track instance allows anyone to participate
in this way and is one of the major reasons to my knowledge that
Django will keep it's t
Em 18 de abril de 2012 21:13, Luke Granger-Brown escreveu:
>
> On Wed, Apr 18, 2012 at 11:55 PM, Dalton Barreto
> wrote:
>>
>> Em 18 de abril de 2012 19:46, Dalton Barreto
>> escreveu:
>> > Em 18 de abril de 2012 18:44, philipn escreveu:
>>
>> Hmm, this would probably disable pull requests too.
15 matches
Mail list logo
