[Django] #28592: Security documentation updates


Django

Sep 13, 2017, 5:08:05 AM
to django-...@googlegroups.com
#28592: Security documentation updates
------------------------------------------------+------------------------
Reporter: Daniele Procida | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
The security documentation can be improved.

It currently mixes up topic, reference and how-to material all in the
same document.

The CSRF sections can be expanded to address some common questions about
the way Django does this.

The pull request https://github.com/django/django/pull/9071 addresses
these issues.

--
Ticket URL: <https://code.djangoproject.com/ticket/28592>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Sep 13, 2017, 7:37:35 AM
to django-...@googlegroups.com
#28592: Security documentation updates
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Daniele Procida
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Daniele Procida):

* owner: nobody => Daniele Procida
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:1>

Django

Sep 13, 2017, 10:54:31 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs

-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Daniele Procida
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

* needs_better_patch: 0 => 1
* stage: Unreviewed => Accepted


Old description:

> The security documentation can be improved.
>
> It currently mixes up topic, reference and how-to material all in the
> same document.
>
> The CSRF sections can be expanded to address some common questions about
> the way Django does this.
>
> The pull request https://github.com/django/django/pull/9071 addresses
> these issues.

New description:

The CSRF documentation can be improved.

It currently mixes up topic, reference, and how-to material all in the
same document.

The CSRF sections can be expanded to address some common questions about
the way Django does this.

[https://github.com/django/django/pull/9071 PR]

--

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:2>

Django

Nov 20, 2020, 6:09:54 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Daniele Procida
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):

* needs_better_patch: 1 => 0


Comment:

Hello from the future, Daniele. Found this PR while surfing GitHub. I'm
resetting the review flag since it looks like you're caught up on
feedback.
[https://github.com/django/django/pull/9071 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:3>

Django

Nov 21, 2020, 12:25:58 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Daniele Procida
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* needs_better_patch: 0 => 1


Comment:

This patch is not mergeable anymore. It has a lot of conflicts with the
current master, it seems that a new PR is needed to move it forward.

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:4>

Django

Feb 12, 2021, 2:34:52 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Daniele Procida
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by David Smith):

* easy: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:5>

Django

Feb 12, 2021, 2:53:15 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by David Smith):

* owner: Daniele Procida => (none)
* status: assigned => new


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:6>

Django

Feb 12, 2021, 2:58:28 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by Mariusz Felisiak):

David, I have doubts that refactoring security-related docs is an "easy
picking".

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:7>

Django

Feb 15, 2021, 3:01:13 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by David Smith):

Hi Mariusz -- you could well be right here, this is certainly not a ticket
suited for a beginner.

My thinking was that if a knowledgeable professional comes to look at
this, they may find it "easier" as there is prior work here that's already
had some reviews. It therefore could be "easier" (but by no means easy!) than
starting from scratch.

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:8>

Django

Oct 8, 2021, 9:12:00 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):

* owner: (none) => Tomas McNamer
* needs_better_patch: 1 => 0
* status: new => assigned


Comment:

[https://github.com/django/django/pull/14956 New PR]. Tomas, could you add
Daniele as a
[https://docs.github.com/en/github/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors co-author]?

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:9>

Django

Nov 18, 2021, 2:02:38 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* needs_better_patch: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:10>

Django

Mar 14, 2022, 2:46:16 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by GitHub <noreply@…>):

In [changeset:"65ac1431d5fa26154b619e4918b6b5464c21c3e0" 65ac1431]:
{{{
#!CommitTicketReference repository=""
revision="65ac1431d5fa26154b619e4918b6b5464c21c3e0"
Refs #28592 -- Removed redundant spaces in docs/ref/csrf.txt.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:11>

Django

Mar 17, 2022, 2:35:02 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Mariusz Felisiak <felisiak.mariusz@…>):

In [changeset:"e458abc5931861e72f18b5d218726f9add7028cd" e458abc5]:
{{{
#!CommitTicketReference repository=""
revision="e458abc5931861e72f18b5d218726f9add7028cd"
Refs #28592 -- Created a new CSRF how-to document.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:12>

Django

Mar 22, 2022, 1:06:07 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by GitHub <noreply@…>):

In [changeset:"f77216bd1a777e219aeada964c5af134f4112111" f77216b]:
{{{
#!CommitTicketReference repository=""
revision="f77216bd1a777e219aeada964c5af134f4112111"
Refs #28592 -- Improved some headings in CSRF how-to.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:13>

Django

Apr 22, 2022, 1:26:01 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Tomas McNamer
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Mariusz Felisiak):

Tomas, do you have time to keep working on this?

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:14>

Django

Jan 25, 2023, 2:55:00 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Mariusz Felisiak):

* owner: Tomas McNamer => (none)
* status: assigned => new


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:15>

Django

Feb 1, 2023, 11:55:57 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by madhuri2):

May I know if this ticket is '''closed'''? Can I work on it?

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:16>

Django

Feb 2, 2023, 2:46:09 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by Mariusz Felisiak):

Replying to [comment:16 madhuri2]:


> May I know if this ticket is '''closed'''?

No.

> If not closed can I work on it?

Sure, feel free.

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:17>

Django

Feb 5, 2023, 6:16:14 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
--------------------------------------+------------------------------------
Reporter: Daniele Procida | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by madhuri2):

okay

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:18>

Django

Feb 19, 2023, 12:01:32 AM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: samithkavishke
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by samithkavishke):

* owner: (none) => samithkavishke
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:19>

Django

Mar 9, 2023, 7:27:05 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Samith Karunathilake
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Shiwei Chen):

* status: assigned => closed
* resolution: => fixed


Comment:

CSRF Documentation was updated and the results were successfully merged as
of March 2022, as seen in this thread:
https://github.com/django/django/pull/14956

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:20>

Django

Mar 9, 2023, 7:52:36 PM
to django-...@googlegroups.com
#28592: Reorganize CSRF documentation and add to FAQs
-------------------------------------+-------------------------------------
Reporter: Daniele Procida | Owner: Samith Karunathilake
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

* status: closed => new
* resolution: fixed =>
* easy: 1 => 0


Comment:

Not all the work is merged, that's why the ticket was left open.

--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:21>
