projects / mediagoblin.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 917d466) | patch
Some mostly cosmetic changes to CSRF
authorElrond <elrond+mediagoblin.org@samba-tng.org>
Mon, 3 Oct 2011 22:12:03 +0000 (00:12 +0200)
committerElrond <elrond+mediagoblin.org@samba-tng.org>
Fri, 14 Oct 2011 19:46:17 +0000 (21:46 +0200)
commit2dc8d249326458b4d70e0cf1efbc956dccb12d3f
treec288186023cf6f8628369b04fd86adfcd20d52f7tree | snapshot (zip tar.gz)
parent917d4663afedded7e6606b1a799771da8dc2a37ccommit | diff
Some mostly cosmetic changes to CSRF

* remove max_age - A session cookie is better, because it's
  a session thing, really.
* Call the cookie mediagoblin_csrftoken, much clearer.
* Use the SCRIPT_NAME for the path of the cookie, so that
  the cookie is sent back to the right place only.
  Alternatively the path= parameter could be removed, so
  that it defaults to '/'.
* call the randomness function only once, instead of twice.
  64 bits should be enough. If really more bits are needed,
  increase the number.
* Just give the number as cookie. No point in md5 and
  hexdigest in my view (those functions just make another
  representation).
* getrandbits gets a bit count directly, simpler API
mediagoblin/config_spec.ini diff | blob | blame | history
mediagoblin/middleware/csrf.py diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.