forked from plone/plone4.csrffixes
RedTurtle/plone4.csrffixes
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
plone4.csrffixes ================ The package aims to backport the auto CSRF implementation from Plone 5 to Plone 4. The reason this is necessary is because there are a lot of CSRF problem with the ZMI that Zope2 will never be able to fix. See https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf for more details. Installation ============ Plone 4.3, 4.2, 4.1 and 4.0 --------------------------- add `plone4.csrffixes` to eggs list:: eggs = ... plone4.csrffixes ... add a new version pin for plone.protect, plone.keyring and plone.locking:: [versions] ... plone.protect = 3.0.12 plone.keyring = 3.0.1 plone.locking = 2.0.8 ... Plone 4.0 and 4.1 ----------------- If lxml is not already included in your site, this package has a dependency on lxml and will pull it in when installed. We recommend pinning to version 2.3.6 of lxml. If you use a version of lxml > 3, you'll need to also install the `cssselect` package.
About
Backport the auto CSRF implementation from Plone 5 to Plone 4
Resources
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- Python 76.4%
- JavaScript 23.6%