Use the CheckAllowRefererMiddleware

 






 

 


  Review Request #9194
  —
  Created Sept. 14, 2017 and updated 

 


















 

  

   Information

  





 
 

  brennie
 









 
 

  Review Board
 









 
 

  release-2.0.x
 









 
 

  
 









 
 

  9167
 









 
 

  ac3ee23...
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
The new CheckAllowRefererMiddleware from Djblets requires that sessions

created via the log in form are limited to having the Referer header in

future requests set to a whitelisted host.

 








  


 
 

  
See https://reviews.reviewboard.org/r/9167/

 







 









 





  








 









 






  

 



















 




 




 














 



 

  

   




brennie




   

   

  

 



 















 



 

  

   




brennie




   

   

  

 



 

  


   

   

    
 Review request changed

    
   


  

  

  











 



  

   
Summary:

   
    
-Use the SessionTypeMiddleware
+Use the CheckAllowRefererMiddleware

   		
  




  

   
Description:

   
    
 ~   
The new SessionTypeMiddleware from Djblets requires that sessions created
 ~   via the log in form are limited to having the Referer header in future
 ~   requests set to a whitelisted host.
   ~ 
The new CheckAllowRefererMiddleware from Djblets requires that sessions
   ~ created via the log in form are limited to having the Referer header in
   ~ future requests set to a whitelisted host.

   		
  




  

   
Commit:

   
    
-ade9ccc15dd4c2fbfcd214297348ec127ef8ca53
+ac3ee237ea05fc6f200213deba6c38ae32baf4f1

   		
  




  

   
Diff:

   
    
 Revision 2 (+1)
Show changes
 
    reviewboard/settings.py 
 

   		
  



 









 

  
Checks run (2 succeeded)



  

 flake8
 passed.
 





  

 JSHint
 passed.
 





 















  

 
















 





 

  

   




chipx86




   

   







  

 



 

  


   

   

    
 
chipx86


    
   


  

  

  



    




  1. 
 
    
  
    
   
    Ship It!
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 















  2. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 
















 





 

  

   




david




   

   







  

 



 

  


   

   

    
 
david


    
   


  

  

  



    




  1. 
 
    
  
    
   
    Ship It!
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 















  2. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    3. 




  

 









     

    

   

  

  

   
   Loading...