What's new in Django 1.2 alpha 1

Multiple database support, improved CSRF prevention, a messages framework (similar to the Rails “flash” feature), model validation, custom e-mail backends, template caching for much faster handling of the include and extends tags, read-only fields in the admin, a better if tag and more. Very exciting release.
How is the CSRF prevention implemented? The link doesn't give any implementation details...
Jörn Zaefferer - 7th January 2010 22:31 - #
Does the documentation for the feature answer your question?
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/
If not, we should fix it.
Thanks, that explains it quite well. Great to see Django is taking that approach; that seems to be both the most reliable and simplest way.
What I'd like to see improved: How exactly is the random value generated? What are the details of the strict-referer-checking under HTTPS? A link to a resource with further details would be enough for that.
Jörn Zaefferer - 8th January 2010 01:45 - #
Django 1.2 is really a big step forward! Especially the template improvement part.
cer - 11th January 2010 02:42 - #