zulip/zproject
Anders Kaseorg 70f72a3ae8 security: Send SameSite=Lax cookies.
Send the `csrftoken` and `sessionid` cookies with `SameSite=Lax`.
This adds a layer of defense against CSRF attacks and matches the new
default in Django 2.1:

https://docs.djangoproject.com/en/2.1/releases/2.1/#samesite-cookies

This can be reverted when we upgrade to Django ≥ 2.1.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-30 13:12:11 -07:00
jinja2 cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
__init__.py
backends.py auth: Support not using an icon when rendering social login buttons. 2019-10-28 15:14:57 -07:00
dev_settings.py auth: Add initial SAML authentication support. 2019-10-10 15:44:34 -07:00
dev_urls.py storage: Stop using django-pipeline. 2019-07-24 17:40:31 -07:00
email_backends.py tools: Upgrade Pycodestyle and fix new linter errors. 2019-01-31 12:21:41 -08:00
legacy_urls.py urls: Move the json/fetch_api_key endpoint to be an API-style route. 2018-01-08 13:15:52 -05:00
prod_settings_template.py auth: Tweak docs now that SAML supports multiple IdPs. 2019-10-28 15:22:29 -07:00
settings.py security: Send SameSite=Lax cookies. 2019-10-30 13:12:11 -07:00
slack_importer_test_settings.py settings: Migrate test settings to modern postgres backend name. 2019-01-23 17:08:24 -08:00
terms.md.template Add TERMS_OF_SERVICE setting. 2016-07-29 20:47:31 -07:00
test_settings.py auth: Change SAML login url scheme, enabling multiple IdP support. 2019-10-28 15:09:42 -07:00
urls.py auth: Change SAML login url scheme, enabling multiple IdP support. 2019-10-28 15:09:42 -07:00
wsgi.py wsgi.py: Fix broken error output for django.setup() call. 2019-06-24 12:19:51 -07:00