Files @ 3ffa5fab60de
Branch filter:

Location: symposion_app/pinaxcon/csrf_view.py

3ffa5fab60de 2.0 KiB text/x-python Show Annotation Show as Raw Download as Raw
James Polley
Don't require login to view qrcode

* The qrcode contains no information that isn't in the URL you used to
access the code, so information is being leaked
* Allowing unauthenicated access lets people see the image in their
mail client

Not ideal. Let's revert this later and think of something better next
year - perhaps spending some more time researching best practices on
images in email..
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
from django.conf import settings
from django.http import HttpResponseForbidden
from django.template import Context, RequestContext, loader
from django.utils.translation import ugettext as _
from django.utils.version import get_docs_version


def csrf_failure(request, reason=""):

    from django.middleware.csrf import REASON_BAD_TOKEN, REASON_NO_REFERER, REASON_NO_CSRF_COOKIE
    t = loader.get_template("403_csrf.html")
    c = Context({
        'title': _("Forbidden"),
        'main': _("CSRF verification failed. Request aborted."),
        'reason': reason,
        'bad_token': reason == REASON_BAD_TOKEN,
        'no_referer': reason == REASON_NO_REFERER,
        'no_referer1': _(
            "You are seeing this message because this HTTPS site requires a "
            "'Referer header' to be sent by your Web browser, but none was "
            "sent. This header is required for security reasons, to ensure "
            "that your browser is not being hijacked by third parties."),
        'no_referer2': _(
            "If you have configured your browser to disable 'Referer' headers, "
            "please re-enable them, at least for this site, or for HTTPS "
            "connections, or for 'same-origin' requests."),
        'no_cookie': reason == REASON_NO_CSRF_COOKIE,
        'no_cookie1': _(
            "You are seeing this message because this site requires a CSRF "
            "cookie when submitting forms. This cookie is required for "
            "security reasons, to ensure that your browser is not being "
            "hijacked by third parties."),
        'no_cookie2': _(
            "If you have configured your browser to disable cookies, please "
            "re-enable them, at least for this site, or for 'same-origin' "
            "requests."),
        'DEBUG': settings.DEBUG,
        'docs_version': get_docs_version(),
        'more': _("More information is available with DEBUG=True."),
    })
    c = RequestContext(request, c)
    return HttpResponseForbidden(t.render(c), content_type='text/html')
Server instance: kapok.sfconservancy.org-4452 This site is powered by Kallithea 0.6.3, which is © 2010–2020 by various authors & licensed under GPLv3. – SupportPrivacy Policy