Commit aa42adb0 authored by David Haynes's avatar David Haynes 🙆
Browse files

Merge branch '76-delete-lnk-csrf' into '2.2-dev'

Resolve "CSRF and CSRF-Like Protection"

See merge request !86
parents ea1a281e ad20a50c
Pipeline #1259 passed with stage
in 1 minute and 29 seconds
...@@ -329,7 +329,7 @@ def delete(request, short): ...@@ -329,7 +329,7 @@ def delete(request, short):
url = get_object_or_404(URL, short__iexact=short) url = get_object_or_404(URL, short__iexact=short)
# If the RegisteredUser is the owner of the URL # If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser: if url.owner == request.user.registereduser and request.META['HTTP_REFERER'] == request.META['HTTP_HOST']:
# remove the URL # remove the URL
url.delete() url.delete()
# redirect to my_links # redirect to my_links
Django>=1.11 Django>=1.11
django-crispy-forms==1.6.0 django-crispy-forms==1.6.1
django-ratelimit==1.0.1 django-ratelimit==1.0.1
django-redis-cache==1.6.4 django-redis-cache==1.6.4
git+ git+
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment