UNKNOWN
Project description
plone4.csrffixes
The package aims to backport the auto CSRF implementation from Plone 5 to Plone 4.
The reason this is necessary is because there are a lot of CSRF problem with the ZMI that Zope2 will never be able to fix.
See https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf for more details.
Installation
Plone 4.3, 4.2, 4.1 and 4.0
add plone4.csrffixes to eggs list:
eggs =
...
plone4.csrffixes
...
add a new version pin for plone.protect, plone.keyring and plone.locking:
[versions] ... plone.protect = 3.0.12 plone.keyring = 3.0.1 plone.locking = 2.0.8 ...
Plone 4.0 and 4.1
If lxml is not already included in your site, this package has a dependency on lxml and will pull it in when installed.
We recommend pinning to version 2.3.6 of lxml. If you use a version of lxml > 3, you’ll need to also install the cssselect package.
Changelog
1.0.2 (2015-10-06)
use a better guess at if we should rewrite urls for zmi [vangheem]
1.0.1 (2015-10-06)
correctly check for origin header [vangheem]
1.0.0 (2015-10-06)
initial release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file plone4.csrffixes-1.0.2.zip.
File metadata
- Download URL: plone4.csrffixes-1.0.2.zip
- Upload date:
- Size: 18.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
57f204c41c1f900e58d65fbae9b1dde5f00ea6426664427f993371331c094b5d
|
|
| MD5 |
ac69f60c10a1e16959e3f055e33f98c4
|
|
| BLAKE2b-256 |
f30c4a42f2d970aa1cd81102f0a70ea3446a53e86863113c7cb57c675be3160c
|
