Change DRF to TokenAuthentication #72

Closed
3 tasks
jdungan opened this issue Dec 27, 2014 · 0 comments
jdungan (Member) commented Dec 27, 2014

Django REST Framework - as it should - enforces CSRF protection when using SessionAuthentication.

The browser extensions execute their form and AJAX requests from the bug domains (e.g., github.com). So, the HTTP Referer - github.com - does not match the server-side domain - codesy.io, and the CSRF validation fails.

So, we need to change DRF to TokenAuthentication, which doesn't enforce CsrfMiddleware 'Referer' matching, and is probably better anyway. To do so, we should:

@groovecoder groovecoder changed the title Remove CSRF token Fix CSRF Dec 27, 2014
groovecoder added a commit to groovecoder/codesy that referenced this issue Dec 27, 2014
groovecoder added a commit to groovecoder/codesy that referenced this issue Dec 27, 2014
@groovecoder groovecoder changed the title Fix CSRF Change DRF to TokenAuthentication Dec 27, 2014
groovecoder added a commit to groovecoder/codesy that referenced this issue Dec 28, 2014
@groovecoder groovecoder added this to the January TWD meeting milestone Dec 28, 2014
groovecoder added a commit to groovecoder/codesy that referenced this issue Dec 31, 2014
groovecoder added a commit to groovecoder/codesy that referenced this issue Dec 31, 2014
@groovecoder groovecoder self-assigned this Jan 1, 2015
groovecoder added a commit to groovecoder/codesy that referenced this issue Jan 2, 2015
groovecoder added a commit to groovecoder/codesy that referenced this issue Jan 2, 2015
groovecoder added a commit to groovecoder/codesy that referenced this issue Jan 2, 2015
groovecoder added a commit to groovecoder/codesy that referenced this issue Jan 2, 2015
groovecoder added a commit that referenced this issue Jan 2, 2015
fix #72 - add tokens for users for API auth
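
The failure described in the issue above, as an added example that is not part of the original thread or the codesy code base: a simplified Python model of the two authentication paths, showing why a cookie-authenticated POST sent from a github.com page is rejected while a token-authenticated one is not. It models only the Referer check (not the CSRF token comparison); the function names, the token store and the sample request are constructed for illustration.

```python
# Simplified model of the two DRF authentication paths discussed in this issue.
# This is NOT Django/DRF source code; all names below are constructed for illustration.
from urllib.parse import urlparse

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
API_HOST = "codesy.io"                        # server-side domain named in the issue
TOKENS = {"constructed-token-123": "alice"}   # constructed sample token store


def referer_matches(referer, host):
    """Strict same-host Referer check, as Django applies to HTTPS requests."""
    return bool(referer) and urlparse(referer).netloc == host


def session_auth(request):
    """Cookie-based auth: the browser attaches the cookie automatically,
    so unsafe methods must pass the CSRF (here: Referer) check."""
    user = request.get("session_user")
    if user is None:
        return None, "no session"
    if (request["method"] in UNSAFE_METHODS
            and not referer_matches(request.get("referer"), API_HOST)):
        return None, "CSRF failed: Referer does not match host"
    return user, "ok"


def token_auth(request):
    """Header-based auth: the credential is never sent implicitly by the
    browser, so no CSRF/Referer check is run on this path."""
    scheme, _, key = request.get("authorization", "").partition(" ")
    if scheme != "Token" or key not in TOKENS:
        return None, "invalid or missing token"
    return TOKENS[key], "ok"


# Constructed request: the extension POSTs to codesy.io from a page on github.com.
extension_request = {
    "method": "POST",
    "referer": "https://github.com/example/repo/issues/1",
    "session_user": "alice",
    "authorization": "Token constructed-token-123",
}

if __name__ == "__main__":
    print("session:", session_auth(extension_request))
    print("token:  ", token_auth(extension_request))
```

With token authentication the secret lives in the `Authorization` header rather than a cookie, so the extension has to store the token itself and keep it out of the pages it runs in.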