Blogmarks tagged django, recovered in 2011
Filters: Type: blogmark × Year: 2011 × django × recovered × Sorted by date
CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them to, but it turns out a 307 redirect (like a 302, but allows POST data to be forwarded) confuses the Flash player in to not checking the crossdomain.xml on the host it is being redirect to.
The First Few Weeks—ep.io. Another take on managed Python Django/WSGI hosting, from Andrew Godwin and Ben Firshman.
Hello from Gondor. “Effortless production Django hosting” from the Eldarion team.