There have been significant improvements to https://github.com/qld-gov-au/ckanext-csrf-filter since its code was adapted for this extension. It could be beneficial to copy these changes.

Improvements include:

- Tokens use HMAC signatures with a server secret, to ensure that they cannot be forged.
- Token rotation is more robust, using a timestamp built into the token, and expired tokens are rejected.
- Added support for intercepting login form to prevent Login CSRF.
- Code has been refactored for both Flask and Pylons compatibility, as well as handling both Python 2 and 3. Flask support uses official Flask intercept points and no longer requires monkey-patching core functions.
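A sketch of the token scheme the issue describes (HMAC signature with a server secret, timestamp built into the token, expired tokens rejected), added here as an illustration; it is not code from ckanext-csrf-filter or from this extension. The token layout, function names, secret and lifetime are assumptions.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side secret, never sent to clients
MAX_AGE = 3600                       # assumption: token lifetime in seconds


def _sign(secret, timestamp, user):
    # Bind the signature to the issue time and to the user the token was issued to,
    # so neither field can be changed without invalidating the signature.
    message = "{}!{}".format(timestamp, user).encode("utf-8")
    return hmac.new(secret, message, hashlib.sha512).hexdigest()


def issue_token(user, secret=SECRET, now=None):
    # Assumed layout: <hex signature>!<unix timestamp>
    timestamp = int(time.time() if now is None else now)
    return "{}!{}".format(_sign(secret, timestamp, user), timestamp)


def validate_token(token, user, secret=SECRET, now=None, max_age=MAX_AGE):
    now = int(time.time() if now is None else now)
    signature, sep, raw_ts = token.rpartition("!")
    # Accept only a plain ASCII decimal timestamp, so one signature maps to one token string.
    if not sep or not re.fullmatch(r"[0-9]+", raw_ts):
        return False
    timestamp = int(raw_ts)
    # Reject tokens dated in the future as well as expired ones.
    if timestamp > now or now - timestamp > max_age:
        return False
    expected = _sign(secret, timestamp, user)
    # Constant-time comparison on bytes; client input may contain non-ASCII characters.
    return hmac.compare_digest(signature.encode("utf-8"), expected.encode("utf-8"))
```

Rotation in this layout amounts to issuing a fresh token once the current one nears `MAX_AGE`; the server keeps no per-token state because the timestamp is covered by the signature.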