Tweaks to the new form csrf caching entry #4772
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
weaverryan
changed the title
|
seems good to me, easier to read and no mistakes introduced as far as i can see. |
| Typically, each user is assigned a unique CSRF token, which is stored in | ||
| the session for validation. This means that if you *do* cache a page with | ||
| a form containing a CSRF token, you'll cache the CSRF token of the *first* | ||
| user only. When a user submits, the token won't match the token stored in |
There was a problem hiding this comment.
I think there are some missing words here:
When a user submits, the token ...
Proposal:
When a user submits the form, the token ...
weaverryan
added a commit
that referenced
this pull request
Jan 16, 2015
This PR was merged into the 2.3 branch. Discussion ---------- Tweaks to the new form csrf caching entry | Q | A | ------------- | --- | Doc fix? | no | New docs? | no | Applies to | all | Fixed tickets | n/a Hi guys! After merging this nice new entry in #4141, I wanted to make a few minor language tweaks (the diff looks bigger than the changes really are). This included shortening a few sections and talking less about how *all* reverse proxies refuse to cache pages with a session, because I don't (for example) believe this is true with Symfony's reverse proxy. Thanks! Commits ------- cc40b5c Adding missing words thanks to javiereguiluz 1c568e1 [#4141] Tweaks to the new form csrf caching entry
| for each user. | ||
|
|
||
| How to Cache Most of the Page and still Be Able to Use CSRF Protection | ||
| Why Caching Pages with a CSRF token are Problematic |
There was a problem hiding this comment.
Shouldn't it be "is" instead of "are"? And should we add a label for the old headline?
There was a problem hiding this comment.
You're right! Fixed at sha: 36d1bac
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi guys!
After merging this nice new entry in #4141, I wanted to make a few minor language tweaks (the diff looks bigger than the changes really are). This included shortening a few sections and talking less about how all reverse proxies refuse to cache pages with a session, because I don't (for example) believe this is true with Symfony's reverse proxy.
Thanks!