It currently mixes up topic, reference and how-to material all in the
same document.
The CSRF sections can be expanded to address some common questions about
the way Django does this.
The pull request https://github.com/django/django/pull/9071 addresses
these issues.
--
Ticket URL: <https://code.djangoproject.com/ticket/28592>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* owner: nobody => Daniele Procida
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:1>
* needs_better_patch: 0 => 1
* stage: Unreviewed => Accepted
Old description:
> The security documentation can be improved.
>
> It currently mixes up topic, reference and how-to material all in the
> same document.
>
> The CSRF sections can be expanded to address some common questions about
> the way Django does this.
>
> The pull request https://github.com/django/django/pull/9071 addresses
> these issues.
New description:
The CSRF documentation can be improved.
It currently mixes up topic, reference, and how-to material all in the
same document.
The CSRF sections can be expanded to address some common questions about
the way Django does this.
[https://github.com/django/django/pull/9071 PR]
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:2>
* needs_better_patch: 1 => 0
Comment:
Hello from the future, Daniele. Found this PR while surfing GitHub. I'm
resetting the review flag since it looks like you're caught up on
feedback.
[https://github.com/django/django/pull/9071 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:3>
* needs_better_patch: 0 => 1
Comment:
This patch is not mergeable anymore. It has a lot of conflicts with the
current master, it seems that a new PR is needed to move it forward.
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:4>
* easy: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:5>
* owner: Daniele Procida => (none)
* status: assigned => new
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:6>
Comment (by Mariusz Felisiak):
David, I have doubts that refactoring a security-related docs is "easy
picking".
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:7>
Comment (by David Smith):
Hi Mariusz -- you could well be right here, this is certainly not a ticket
suited for a beginner.
My thinking was that if a knowledgeable professional comes to look at
this, they may find it "easier" as there is prior work here that's already
had some reviews. It therefore could "easier" (but by no means easy!) than
starting from a scratch.
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:8>
* owner: (none) => Tomas McNamer
* needs_better_patch: 1 => 0
* status: new => assigned
Comment:
[https://github.com/django/django/pull/14956 New PR]. Tomas, could you add
Daniele as a [https://docs.github.com/en/github/committing-changes-to-
your-project/creating-and-editing-commits/creating-a-commit-with-multiple-
authors co-author]?
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:9>
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:10>
Comment (by GitHub <noreply@…>):
In [changeset:"65ac1431d5fa26154b619e4918b6b5464c21c3e0" 65ac1431]:
{{{
#!CommitTicketReference repository=""
revision="65ac1431d5fa26154b619e4918b6b5464c21c3e0"
Refs #28592 -- Removed redundant spaces in docs/ref/csrf.txt.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:11>
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"e458abc5931861e72f18b5d218726f9add7028cd" e458abc5]:
{{{
#!CommitTicketReference repository=""
revision="e458abc5931861e72f18b5d218726f9add7028cd"
Refs #28592 -- Created a new CSRF how-to document.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:12>
Comment (by GitHub <noreply@…>):
In [changeset:"f77216bd1a777e219aeada964c5af134f4112111" f77216b]:
{{{
#!CommitTicketReference repository=""
revision="f77216bd1a777e219aeada964c5af134f4112111"
Refs #28592 -- Improved some headings in CSRF how-to.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:13>
Comment (by Mariusz Felisiak):
Tomas, Do you have time to keep working on this?
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:14>
* owner: Tomas McNamer => (none)
* status: assigned => new
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:15>
Comment (by madhuri2):
May I know if this ticket is '''closed'''? can I work on it?
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:16>
Comment (by Mariusz Felisiak):
Replying to [comment:16 madhuri2]:
> May I know if this ticket is '''closed'''?
No.
> If not closed can I work on it?
Sure, feel-free.
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:17>
Comment (by madhuri2):
okay
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:18>
* owner: (none) => samithkavishke
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:19>
* status: assigned => closed
* resolution: => fixed
Comment:
CSRF Documentation was updated and the results were successfully merged as
of March 2022, as seen in this thread:
https://github.com/django/django/pull/14956
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:20>
* status: closed => new
* resolution: fixed =>
* easy: 1 => 0
Comment:
Not all the work is merged, that's why the ticket was left open.
--
Ticket URL: <https://code.djangoproject.com/ticket/28592#comment:21>