2.2 Release

- Add in 2.2 CHANGELOG
- Fix last minute bug with the CSRF check
- Missed a spot in the footer

CHANGELOG

 # Change Log
-All notable changes to this project will be documented in this file.
-This project adheres to [Semantic Versioning](http://semver.org/).
+All notable changes to this project will be documented in this file. This 
+project adheres (to the best of our ability) to [Semantic Versioning](http://semver.org/).
+
+## [2.2.0] - 2017-26-04
+
+### Added
+
+- LibreJS Compatible
+- Current version of Go displayed in footer
+- Warning model when interacting with /useradmin
+- Can block users
+    - Blocked users may log in but cannot interact with the site
+    - Blocked users may be managed from /useradmin
+    - " " may be unblocked
+- "New Link" button added to my_links view
+- Python 3.4-3.6 support
+- Django 1.11 upgrade
+- Unit tests for all major Django components
+    - models
+    - views
+    - URLs
+    - forms
+    - random python files (cas_callbacks)
+- Search bar in /useradmin
+- Windows instructions in README
+- Flake8 run on CI time
+- Help text on the signup form
+- Twitter card metadata
+- Facebook/Opengraph metadata
+
+### Changed
+
+- Design consistency across error pages
+- Project requirements follow two scoops style
+- Go links cannot be rendered to itself
+- Settings files inherit from one another
+    - Enviornment variables used instead of .template
+    - secret.py dropped
+    - local settings and prod settings
+- Cache static pages
+- Rate limit POST requests
+- Homepage now defaults to my_links
+- Imports are now explicit 
+- IE Compatible
+- CSRF Protection for /delete
+
+### Fixed
+
+- Error pages are rendered correctly now
+- HTTPS Go links displayed everywhere
+- All content is served with HTTPS
+- Dependecies are checked at CI time for updates
+- Standardization of fonts 
+
+### Removed
+
+- .template files
+- secret.py
+- LDAP support
 
 ## [2.1.1] - 2017-01-07
 ### Added

go/go/templates/layouts/footer.html

@@ -6,7 +6,7 @@
 	    <a href="http://srct.gmu.edu/">GMU<strong> SRCT</strong></a>. |
 			Read and contribute to our <a href="https://git.gmu.edu/srct/go/">source code</a>. |
 			Freely-licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a>. |
-			Go Version 2.1.1
+			Go Version 2.2.0
 		</span>
 	</div>
 

go/go/views.py

@@ -314,6 +314,7 @@ def edit(request, short):
         # do not allow them to edit
         raise PermissionDenied()
 
+
 @login_required
 def delete(request, short):
     """
@@ -329,15 +330,29 @@ def delete(request, short):
     url = get_object_or_404(URL, short__iexact=short)
 
     # If the RegisteredUser is the owner of the URL
-    if url.owner == request.user.registereduser and request.META['HTTP_REFERER'] == request.META['HTTP_HOST']:
-        # remove the URL
-        url.delete()
-        # redirect to my_links
-        return redirect('my_links')
+    if url.owner == request.user.registereduser:
+        # There are some instances where this request header does not exist, in
+        # this case we fallback to the insecure method
+        if request.META.get('HTTP_REFERER') is not None:
+            # Make sure that the requestee is from the same domain (go.gmu.edu)
+            if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
+                # remove the URL
+                url.delete()
+                # redirect to my_links
+                return redirect('my_links')
+            else:
+                raise PermissionDenied()
+        # Fallback and delete
+        else:
+            # remove the URL
+            url.delete()
+            # redirect to my_links
+            return redirect('my_links')
     else:
         # do not allow them to delete
         raise PermissionDenied()
 
+
 @login_required
 def signup(request):
     """