Tuesday, June 21, 2011

Re: csrf protection and testing with tsung

Dear Malcolm

Thanks, this is a good clue. I'll try it out tomorrow and report back.

Best wishes

Ivan


On 21/06/11 17:54, Malcolm Box wrote:
> On 21 June 2011 16:48, Ivan Uemlianin <ivan.llaisdy@gmail.com> wrote:
>> With tsung you record a site visit (called a session) --- log in, view
>> various pages, do a few things, log out --- and tsung will then hit
>> the site with lots of randomised versions of this session.
>>
>
>> Many of the views are csrf protected, and the automated requests tsung
>> generates don't get through the protection. For the moment I'm just
>> commenting out the csrf middleware in settings.py, but this is
>> obviously inconvenient.
>>
>
> I think you'll need to do some work with dyn_variable to pull the csrf
> token out of the original form and re-inject it into the post you send
> back. As far as I understand it, all that the csrf protection is is an
> opaque value hidden in any form that needs to be present in the
> submitted version to be valid. That stops "loose" posts from CSRF
> attacks working as they don't know the magic key.
>
> Malcolm
>


--
============================================================
Ivan A. Uemlianin
Speech Technology Research and Development

ivan@llaisdy.com
www.llaisdy.com
llaisdy.wordpress.com
www.linkedin.com/in/ivanuemlianin

"Froh, froh! Wie seine Sonnen, seine Sonnen fliegen"
(Schiller, Beethoven)
============================================================

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
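The mechanism Malcolm describes (capture the hidden csrfmiddlewaretoken from the GET response, re-inject it into the POST, and rely on the cookie the browser or load tool carries along) as a runnable, added example. This is not code from the thread, from tsung or from Django: the server class is a constructed stand-in for Django's CsrfViewMiddleware (cookie token must equal form token, compared in constant time), the URLs, field names and the scripted session are assumptions, and the regex is the kind of pattern one would hand to tsung's dyn_variable.

```python
import hmac
import re
import secrets

# Pattern a load-testing tool can use to pull Django's hidden token out of a
# rendered form (the same job tsung's <dyn_variable re="..."/> does).
# Django 1.x renders the field with single quotes, newer releases with double
# quotes, so both are accepted.
CSRF_FIELD_RE = re.compile(
    r"""name=["']csrfmiddlewaretoken["']\s+value=["']([^"']+)["']"""
)


class ToyDjangoCsrfServer:
    """Constructed stand-in for Django's CsrfViewMiddleware (not Django itself).

    Rule: an unsafe request is accepted only if the 'csrftoken' cookie and the
    'csrfmiddlewaretoken' form field are both present and equal.
    """

    def get_form(self, cookies):
        """GET /post/ : issue (or reuse) the cookie and render a form carrying it."""
        token = cookies.get("csrftoken")
        if token is None:
            token = secrets.token_hex(16)
            cookies["csrftoken"] = token  # Set-Cookie: csrftoken=...
        body = (
            "<form method='post' action='/post/'>"
            f"<input type='hidden' name='csrfmiddlewaretoken' value='{token}' />"
            "<input name='title' /></form>"
        )
        return 200, body

    def post_form(self, cookies, form):
        """POST /post/ : the CSRF check, then the (trivial) view."""
        cookie_token = cookies.get("csrftoken")
        form_token = form.get("csrfmiddlewaretoken")
        if cookie_token is None or form_token is None:
            return 403, "CSRF verification failed."
        # Constant-time comparison, as Django does, so a guess leaks no timing.
        if not hmac.compare_digest(cookie_token, form_token):
            return 403, "CSRF verification failed."
        return 200, "ok"


def scripted_session(server, reinject_token=True):
    """Replay a recorded 'view the form, then submit it' session.

    With reinject_token=True this does what tsung's dyn_variable plus
    %%_var%% substitution would do: capture the token from the GET response
    and put it back into the POST body. The cookie jar is kept per virtual
    user, as tsung does automatically.
    """
    cookies = {}
    status, html = server.get_form(cookies)
    if status != 200:
        raise RuntimeError(f"GET failed with {status}")
    form = {"title": "load test"}
    if reinject_token:
        match = CSRF_FIELD_RE.search(html)
        if match is None:
            raise RuntimeError("no csrfmiddlewaretoken field in the form")
        form["csrfmiddlewaretoken"] = match.group(1)
    return server.post_form(cookies, form)


def loose_post(server):
    """A cross-site 'loose' POST: the victim's browser attaches the cookie,
    but the attacker's page cannot read it, so the form value is a guess."""
    victim_cookies = {"csrftoken": secrets.token_hex(16)}
    attacker_form = {"title": "pwned", "csrfmiddlewaretoken": "0" * 32}
    return server.post_form(victim_cookies, attacker_form)


if __name__ == "__main__":
    srv = ToyDjangoCsrfServer()
    print("recorded session, token re-injected:", scripted_session(srv))
    print("recorded session, token dropped:    ", scripted_session(srv, False))
    print("cross-site loose POST:               ", loose_post(srv))
```

The tsung equivalent of scripted_session is a dyn_variable on the request that fetches the form, for example `<dyn_variable name="csrftoken" re="name='csrfmiddlewaretoken' value='([^']+)'"/>` placed inside that `<request>` before its `<http .../>` element, followed by the POST request with `subst="true"` and `%%_csrftoken%%` in its contents. Tsung keeps a cookie jar per virtual user, so the csrftoken cookie Django sets on the GET is sent back with the POST without extra configuration; the middleware can then stay enabled during the load test, which also keeps the test honest about the cost of the check.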
