Re: [PATCH] Fix CSRF verification on /api/varnish/purge & misc

On Wed, Nov 7, 2012 at 10:30 PM, Marti Raudsepp <marti@juffo.org> wrote:
> Hi list,
>
> Three more patches:
>
> 0001-Update-ssl_required-decorator-to-play-nice-with-othe.patch
>
> This is the important one to make /api/varnish/purge/ work again. The
> @ssl_required decorator now cooperates with other decorators and
> retains attributes, rather than overriding them all.
>
> The other 2 decorators in util/decorators.py probably also need this
> fix, but I decided not to do it now to reduce testing effort.
>
> 0002-Fix-small-bug-in-api_varnish_purge-error-path.patch
>
> Insignificant: return HttpResponse instead of raising it in error path.
>
> 0003-CSRF-verification-failure-now-returns-HTTP-403-Forbi.patch
>
> The CSRF failure view previously returned with HTTP status 200 OK.
> That's wrong -- apps and browsers should be signaled that the request
> failed. Now returns 403 Forbidden.

Hi

They look good based on description. However, I believe you forgot to
attach the actual files.

--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/