Simon Willison’s Weblog


Items tagged django in Feb, 2011



CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them, but it turns out a 307 redirect (like a 302, except that the client must resend the same method and POST body rather than downgrading to a GET) confuses the Flash player into not checking the crossdomain.xml on the host it is being redirected to. The practical consequence is that any server-side check which treats a custom header such as X-Requested-With as proof that a request came from same-origin JavaScript can no longer be trusted. # 10th February 2011, 10:07 pm
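As an added example, not code from this post or from Django or Rails, the following Python models the server-side check that the Flash + 307 trick defeats: a CSRF filter that exempts requests carrying `X-Requested-With: XMLHttpRequest` on the theory that only same-origin JavaScript can set that header, beside a hardened check that ignores headers and requires a double-submit token. It also models why a 307 matters (method and body are replayed, where a 302 is conventionally turned into a GET). Function names, cookie and field names are illustrative assumptions, not either framework’s API.

```python
"""Added example, not from the original post, Django or Rails.

Models the AJAX-header exemption that the Flash + 307 redirect trick turned
into a CSRF bypass, and the token-only check that replaces it.  Names are
assumptions for illustration (TOKEN_COOKIE, TOKEN_FIELD, csrf_check_*).
"""
import hmac
import secrets

TOKEN_COOKIE = "csrftoken"          # assumed cookie name
TOKEN_FIELD = "csrfmiddlewaretoken"  # assumed form field name
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def issue_token() -> str:
    """Per-session random token: set as a cookie and echoed in every form."""
    return secrets.token_hex(16)


def token_matches(cookies: dict, form: dict) -> bool:
    """Double-submit comparison in constant time; empty cookie never matches."""
    expected = cookies.get(TOKEN_COOKIE, "")
    supplied = form.get(TOKEN_FIELD, "")
    return bool(expected) and hmac.compare_digest(expected, supplied)


def csrf_check_weak(method, headers, cookies, form) -> bool:
    """Pre-fix shape: a custom header is accepted as proof of same-origin JS.

    Flash + 307 lets a cross-domain page attach that header, so this branch
    is the bypass."""
    if method in SAFE_METHODS:
        return True
    if headers.get("X-Requested-With") == "XMLHttpRequest":
        return True
    return token_matches(cookies, form)


def csrf_check_strict(method, headers, cookies, form) -> bool:
    """Post-fix shape: request headers carry no trust, only the token counts."""
    if method in SAFE_METHODS:
        return True
    return token_matches(cookies, form)


def follow_redirect(method: str, body: bytes, status: int):
    """What a client sends to the redirect target.

    307 requires the same method and body to be replayed; 301/302/303 are in
    practice turned into a GET with no body, which is why only 307 carries a
    forged POST through the bounce."""
    if status == 307:
        return method, body
    if status in (301, 302, 303):
        return "GET", b""
    raise ValueError(f"unexpected redirect status {status}")


def forged_request(victim_cookies: dict):
    """Constructed request as it reaches the victim site after the attacker's
    307 bounce: the browser attaches the victim's cookies, Flash kept the
    custom header and POST body, but no valid token is present."""
    headers = {"X-Requested-With": "XMLHttpRequest"}
    form = {"action": "transfer", "to": "attacker"}
    return "POST", headers, victim_cookies, form


def legitimate_request(victim_cookies: dict):
    """Constructed same-origin form post that echoes the cookie token."""
    form = {"action": "transfer", "to": "friend",
            TOKEN_FIELD: victim_cookies[TOKEN_COOKIE]}
    return "POST", {}, victim_cookies, form


if __name__ == "__main__":
    victim = {TOKEN_COOKIE: issue_token()}
    forged = forged_request(victim)
    print("weak check accepts forged request:  ", csrf_check_weak(*forged))
    print("strict check accepts forged request:", csrf_check_strict(*forged))
    print("strict check accepts real request:  ",
          csrf_check_strict(*legitimate_request(victim)))
    print("after 307:", follow_redirect("POST", b"to=attacker", 307))
    print("after 302:", follow_redirect("POST", b"to=attacker", 302))
```

The point of the strict variant is not the specific token scheme but that nothing the client can put in a header is evidence of origin once a plugin can set arbitrary headers cross-domain; the token must be something the attacker’s page cannot read.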

Is South the best tool to use when doing database migrations in Django?

Yes. And I say that as an author of another Django migrations tool (dmigrations) which offered a small subset of South’s current functionality.

[... 42 words]
