Message6648
One thing I clearly didn't appreciate when reading the instructions to upgrade to version 1.6.0 was that the following CSRF hidden fields should be added to all the forms:
<input name="@csrf" type="hidden"
tal:attributes="value python:utils.anti_csrf_nonce()">
This was the other major change a performed on the HTML.
If it is necessary to update all forms with this field, perhaps the upgrade document could be made more explicit with this instruction?
Kind regards
Matt... |
|
Date |
User |
Action |
Args |
2019-09-19 15:57:24 | matt109 | set | messageid: <1568908644.07.0.208859850186.issue2551060@roundup.psfhosted.org> |
2019-09-19 15:57:24 | matt109 | set | recipients:
+ matt109, rouilj |
2019-09-19 15:57:24 | matt109 | link | issue2551060 messages |
2019-09-19 15:57:23 | matt109 | create | |
|