RPC4Django

CSRF still can break serve_rpc_request in 0.1.7

Bug #658788 reported by David Chandek-Stark on 2010-10-11

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	RPC4Django	Fix Released	Medium	davidfischer	RPC4Django 0.1.8

Bug Description

I found after upgrading to Django 1.2 that I was having intermittent problems with rpc4django 0.1.7 and Django's CSRF functionality. I haven't tested this, but I think the solution is to move a block of code in views.py as show in the attached diff file.

Revision history for this message

David Chandek-Stark (dchandekstark) wrote on 2010-10-11:

#1

rpc4django.diff Edit (907 bytes, text/x-diff)

davidfischer (djfische) on 2010-10-27

Changed in rpc4django:
assignee:	nobody → davidfischer (djfische)
milestone:	none → 0.1.8

Revision history for this message

davidfischer (djfische) wrote on 2010-10-27:

#2

This is implemented in 0.1.8. Thanks for the patch!

Changed in rpc4django:
importance:	Undecided → Medium
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

rpc4django.diff Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.