Commit aa42adb0 authored by David Haynes 🙆

Merge branch '76-delete-lnk-csrf' into '2.2-dev'

Resolve "CSRF and CSRF-Like Protection"

See merge request !86
parents ea1a281e ad20a50c
Pipeline #1259 passed with stage in 1 minute and 29 seconds
......@@ -329,7 +329,7 @@ def delete(request, short):
url = get_object_or_404(URL, short__iexact=short)
# If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser:
if url.owner == request.user.registereduser and request.META['HTTP_REFERER'] == request.META['HTTP_HOST']:
# remove the URL
url.delete()
# redirect to my_links
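Review bot: the added condition on the `if url.owner == ...` line compares `request.META['HTTP_REFERER']`, which browsers send as a full URL (scheme, host and path), with `request.META['HTTP_HOST']`, which is only the host and optional port, so the two strings will not match for an ordinary same-site request and the owner's own delete will be refused. Indexing `request.META['HTTP_REFERER']` directly also raises `KeyError` when the header is absent (Referrer-Policy, privacy extensions, some proxies), which surfaces as a 500 rather than a clean refusal. If a Referer check is kept, read it with `request.META.get('HTTP_REFERER', '')`, parse it with `urlparse`, and compare its `netloc` to `request.get_host()`. A Referer comparison is a weaker control than Django's built-in CSRF protection, so consider restricting this view to POST with `@require_POST` and relying on the `{% csrf_token %}` token checked by `CsrfViewMiddleware`. The lines shown do not include the path taken when the condition is false; please confirm it returns an explicit response.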
......
Django>=1.11
django-crispy-forms==1.6.0
django-crispy-forms==1.6.1
django-ratelimit==1.0.1
django-redis-cache==1.6.4
git+https://github.com/dhaynespls/django-qrcode.git
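Review bot: the `django-crispy-forms` bump from 1.6.0 to 1.6.1 is not mentioned in the commit message and has no visible connection to the CSRF fix this merge is titled for, so either move it to its own commit or add a line explaining why it is needed here. While this file is being touched, the context line `git+https://github.com/dhaynespls/django-qrcode.git` installs whatever is at the head of the default branch at build time; pinning it as `...django-qrcode.git@<commit-sha>` would make builds reproducible and keep an upstream change from landing unreviewed. `Django>=1.11` is likewise open-ended next to the exact pins on the other packages, so an upper bound or exact pin would be consistent with the rest of the file.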
......