Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF protection in CKAN core now #39

Open
markstuart opened this issue Oct 5, 2023 · 1 comment
Open

CSRF protection in CKAN core now #39

markstuart opened this issue Oct 5, 2023 · 1 comment

Comments

@markstuart
Copy link
Contributor

Hi team, just wondering if it'd be worth adding some information in the README to indicate why someone might choose to use this extension over the CSRF protection that CKAN core now provides?

Clearly this extension is great for anyone on older versions of CKAN, and we recommend it alongside the https://github.com/data-govt-nz/ckanext-security extension, but possibly it also provides more extensive CSRF protection than the core implementation?

@ThrawnCA any ideas on this?
@ThrawnCA
Copy link
Contributor

ThrawnCA commented Oct 5, 2023

Well, it actually is mentioned in the README, although it's not specifically stated to be an advantage over core: "no modifications to existing forms". The core protection has to be disabled if you're using a plugin that hasn't been updated to work with it. This doesn't; it will inject tokens to any template on the fly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markstuart @ThrawnCA