CSRF has not been a priority for admin so far, so no one ever provided a patch for CSRF in admin. Btw if I'm not wrong SecureFormMixin was from TW1 not TW2
On Tue, Apr 5, 2016 at 5:42 PM, Sandro Beffa <[email protected]> wrote: > Hi Alessandro > for not it's not used > Thank you very much for this :-) > An other thing, which I was looking for is the following: > > I noticed that the TG Admin is not using the SecureFormMixin ( to prevent > CSRF ), which TW2 is providing. Is there a reason because of it's not used ? > > Best regards, Sandro > > > Am Montag, 4. April 2016 01:00:46 UTC+2 schrieb Alessandro Molina: >> >> On Thu, Mar 31, 2016 at 1:45 PM, Sandro Beffa <[email protected]> wrote: >>> >>> >>> So my question: Are there other libs to add CSRF protection to TG2 ? >>> >> >> Hope this provides what you need: >> https://pypi.python.org/pypi/tgext.utils/0.0.1 :D >> > -- > You received this message because you are subscribed to the Google Groups > "TurboGears" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/turbogears. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/d/optout.
