Skip to content

Releases: qld-gov-au/ckanext-csrf-filter

Reduce noisy logging

01 Jun 02:01
@ThrawnCA ThrawnCA
1.1.1
2a44ce5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Reduce noisy logging 
Merge pull request #13 from qld-gov-au/develop

Develop to main
Loading

Add optional protection against Login CSRF

31 May 03:02
@ThrawnCA ThrawnCA
1.1.0
daaab58
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Add optional protection against Login CSRF

Add a Repoze plugin that can be used to check tokens when logging in, replacing FriendlyForm. This plugin needs to be configured separately, eg in who.ini.

Loading

Disable response pass-through

13 May 22:40
@ThrawnCA ThrawnCA
1.0.1
a139c2c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Disable response pass-through

We need to disable Flask response pass-through mode so that we can inject tokens into the response body. This will have a performance impact but is necessary for CKAN 2.9.

Loading

Initial release

10 May 06:43
@ThrawnCA ThrawnCA
1.0.0
d061631
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Initial release

CSRF filter based on a mixture of Double Submit Cookie and HMAC Based Token patterns.

Protects HTML-based forms and some types of JavaScript-based interaction, with no code changes required.

Does not protect API calls or prevent Login CSRF.

Loading