| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Rename MediaGoblin middleware to meddleware to avoid confusion w/ wsgi ↵ | Christopher Allan Webber | 2011-11-25 | 1 | -132/+0 |
| | | | | | | | middleware hehehehehe, "meddleware" | ||||
| * | Issue 653: This time for sure! | Nathan Yergler | 2011-11-13 | 1 | -1/+1 |
| | | |||||
| * | Issue 653: Handle the case where request.vary is None | Nathan Yergler | 2011-11-13 | 1 | -1/+1 |
| | | |||||
| * | Issue 653: Don't throw exception if response has no vary header. | Nathan Yergler | 2011-11-13 | 1 | -1/+1 |
| | | |||||
| * | Some mostly cosmetic changes to CSRF | Elrond | 2011-10-14 | 1 | -9/+6 |
| | | | | | | | | | | | | | | | | | | * remove max_age - A session cookie is better, because it's a session thing, really. * Call the cookie mediagoblin_csrftoken, much clearer. * Use the SCRIPT_NAME for the path of the cookie, so that the cookie is sent back to the right place only. Alternatively the path= parameter could be removed, so that it defaults to '/'. * call the randomness function only once, instead of twice. 64 bits should be enough. If really more bits are needed, increase the number. * Just give the number as cookie. No point in md5 and hexdigest in my view (those functions just make another representation). * getrandbits gets a bit count directly, simpler API | ||||
| * | #361: Removing additional secret key, per CW's request. | Nathan Yergler | 2011-10-01 | 1 | -1/+1 |
| | | |||||
| * | #361: Don't test for CSRF token if we're running unit tests. | Nathan Yergler | 2011-10-01 | 1 | -1/+4 |
| | | |||||
| * | PEP8-ification. | Nathan Yergler | 2011-10-01 | 1 | -9/+10 |
| | | |||||
| * | Issue 361 Initial implementation of CSRF protection middleware | Nathan Yergler | 2011-09-04 | 1 | -0/+131 |
 |
index : mediagoblin.git | |
| MediaGoblin is a free software media publishing platform that anyone can run, with Plyr player for default, search and without nodejs | heckyel |
| aboutsummaryrefslogtreecommitdiffstats |