Summary

Use the CheckAllowRefererMiddleware

Review Request #9194 — Created Sept. 14, 2017 and updated Oct. 21, 2017, 2:04 p.m.

Information

Owner

brennie

Repository

Review Board

Branch

release-2.0.x

Bugs

Depends On

~~9167~~

Commit

ac3ee23...

Reviewers

Groups

reviewboard

People

Description

The new CheckAllowRefererMiddleware from Djblets requires that sessions
created via the log in form are limited to having the Referer header in
future requests set to a whitelisted host.

Testing Done

See https://reviews.reviewboard.org/r/9167/

flake8 passed.

JSHint passed.

Description:: The new SessionTypeMiddleware from Djblets requires that sessions created
~ via the log in form are limited to having the Referer header set to a
~ whitelisted host.
~ via the log in form are limited to having the Referer header in future
~ requests set to a whitelisted host.

Summary:

Use the SessionTypeMiddleware

Use the CheckAllowRefererMiddleware

Description:

~		The new `SessionTypeMiddleware` from Djblets requires that sessions created
~		via the log in form are limited to having the `Referer` header in future
~		requests set to a whitelisted host.
	~	The new `CheckAllowRefererMiddleware` from Djblets requires that sessions
	~	created via the log in form are limited to having the `Referer` header in
	~	future requests set to a whitelisted host.

Commit:

ade9ccc15dd4c2fbfcd214297348ec127ef8ca53

ac3ee237ea05fc6f200213deba6c38ae32baf4f1

Diff:

Revision 2 (+1)

Show changes

reviewboard/settings.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

		The new `SessionTypeMiddleware` from Djblets requires that sessions created
~		via the log in form are limited to having the `Referer` header set to a
~		whitelisted host.
	~	via the log in form are limited to having the `Referer` header in future
	~	requests set to a whitelisted host.