Follow The Pink Pony: A Story Of CSRF, Managed Services, And Unicorns
With the release of Django 4.0, there was a minor change to how Django handles CSRF protections: the Origin header is now checked, if present. Specifically, the URL scheme is now checked. Now, this seems like an innocuous change, something that shouldn’t affect many users. However, this change would break Django 4.0 deployments to Cloud Run using our tutorial. But not deployments to App Engine.

What follows is one engineer’s story (hi!) into the depths of managed services, web server gateway interfaces, and magic strings.

Managed hosting manages your hosting, turns out

When you use managed hosting, you delegate control…
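The Origin check described in the opening paragraph, as an added example that is not code from the original post or from Django: a simplified model of comparing the Origin header with the scheme and host the application sees. The TLS-terminating proxy, the host names and the function names are assumptions made for illustration; `CSRF_TRUSTED_ORIGINS` and `SECURE_PROXY_SSL_HEADER` are the Django settings the two remedies correspond to.

```python
from urllib.parse import urlsplit


def request_scheme(environ, proxy_ssl_header=None):
    """Scheme the app believes was used; proxy_ssl_header is a
    (environ_key, secure_value) pair shaped like SECURE_PROXY_SSL_HEADER."""
    if proxy_ssl_header and proxy_ssl_header[0] in environ:
        key, secure_value = proxy_ssl_header
        return "https" if environ[key].strip() == secure_value else "http"
    return environ.get("wsgi.url_scheme", "http")


def origin_verified(environ, trusted_origins=(), proxy_ssl_header=None):
    """Simplified model: Origin must equal scheme://host as the app sees it,
    or match an entry in trusted_origins (each entry includes its scheme)."""
    origin = environ["HTTP_ORIGIN"]
    scheme = request_scheme(environ, proxy_ssl_header)
    if origin == f"{scheme}://{environ['HTTP_HOST']}" or origin in trusted_origins:
        return True
    try:
        parsed = urlsplit(origin)
    except ValueError:
        return False
    for trusted in trusted_origins:  # wildcard entries such as "https://*.example.com"
        t_scheme, _, t_host = trusted.partition("://")
        if t_host.startswith("*.") and parsed.scheme == t_scheme:
            if parsed.netloc.endswith(t_host[1:]) or parsed.netloc == t_host[2:]:
                return True
    return False


# Constructed WSGI environ (assumption): the browser used https, but the
# proxy terminated TLS and forwarded the request to the app over plain http.
PROXIED = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "app.example.com",
    "HTTP_ORIGIN": "https://app.example.com",
    "HTTP_X_FORWARDED_PROTO": "https",
}

if __name__ == "__main__":
    print("no configuration:  ", origin_verified(PROXIED))
    print("trusted origin:    ", origin_verified(PROXIED, ("https://app.example.com",)))
    print("scheme-less entry: ", origin_verified(PROXIED, ("app.example.com",)))
    print("proxy header:      ", origin_verified(
        PROXIED, proxy_ssl_header=("HTTP_X_FORWARDED_PROTO", "https")))
```

Honouring a forwarded-scheme header is only sound when the proxy overwrites or strips that header on every inbound request; otherwise a client can set it and the application will treat plain HTTP as secure.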