Reputation: 753
I've just got a vulnerability report from pentesters for my Django project. The report says my Django app is vulnerable to the BREACH attack. SSL is active, cookies are flagged as secure, and session cookies are set as secure. HTTP compression was disabled by the sysadmin; it is controlled from the Nginx, to which I have no access. So gzip is off. Now I want to randomize the CSRF token per client-side request for the Django admin, especially for the login page. Is there a way to do this in settings.py in a simple way, or do I have to write a custom admin view? What is the best practice for this issue?
Upvotes: 0
Views: 166