
Simon Willison’s Weblog

What's new in Django 1.2 alpha 1 (via) Multiple database support, improved CSRF prevention, a messages framework (similar to the Rails “flash” feature), model validation, custom e-mail backends, template caching for much faster handling of the include and extends tags, read-only fields in the admin, a better if tag and more. Very exciting release.


3 comments

  1. How is the CSRF prevention implemented? The link doesn't give any implementation details...

    Jörn Zaefferer - 7th January 2010 22:31

  2. Does the documentation for the feature answer your question?

    http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

    If not, we should fix it.

    Simon Willison - 7th January 2010 23:52

  3. Thanks, that explains it quite well. Great to see Django is taking that approach, that seems to be both the most reliable and simplest way.

    What I'd like to see improved: How exactly is the random value generated? What are the details of the strict-referer-checking under HTTPS? A link to a resource with further details would be enough for that.

    Jörn Zaefferer - 8th January 2010 01:45
