UNKNOWN
Project description
plone4.csrffixes
The package aims to backport the auto CSRF implementation from Plone 5 to Plone 4.
The reason this is necessary is because there are a lot of CSRF problem with the ZMI that Zope2 will never be able to fix.
See https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf for more details.
Installation
Plone 4.3, 4.2, 4.1 and 4.0
add plone4.csrffixes to eggs list:
eggs = ... plone4.csrffixes ...
add a new version pin for plone.protect, plone.keyring and plone.locking:
[versions] ... plone.protect = 3.0.12 plone.keyring = 3.0.1 plone.locking = 2.0.8 ...
Plone 4.0 and 4.1
If lxml is not already included in your site, this package has a dependency on lxml and will pull it in when installed.
We recommend pinning to version 2.3.6 of lxml. If you use a version of lxml > 3, you’ll need to also install the cssselect package.
Changelog
1.0.1 (2015-10-06)
correctly check for origin header [vangheem]
1.0.0 (2015-10-06)
initial release
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.