WebAppSec/Secure Coding Details: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 26: Line 26:


===Preventing Malicious Site Framing (ClickJacking)===
===Preventing Malicious Site Framing (ClickJacking)===
====Django====
Pull in the Mozilla commonware library[1] and add it to your middleware (example [2])
[1] https://github.com/jsocol/commonware
[2] http://github.com/jbalogh/zamboni/commit/df1d19304a385c52c8fcc888f6ffc240634eb0c5

Revision as of 21:40, 10 November 2010

Author

Michael Coates - mcoates [at] mozilla.com

Introduction

This document provides code examples and links to support the secure coding guidelines document.

Status

Layout

Session Management

Secure Flag

Django

Django provides built in support for setting the SECURE flag for the session id cookie. By default Django does NOT set the flag to secure

Correct Setting:

SESSION_COOKIE_SECURE = TRUE

http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-secure

Cross Domain / Unintended User Actions

Preventing CSRF

Preventing Malicious Site Framing (ClickJacking)

Django

Pull in the Mozilla commonware library[1] and add it to your middleware (example [2])

[1] https://github.com/jsocol/commonware

[2] http://github.com/jbalogh/zamboni/commit/df1d19304a385c52c8fcc888f6ffc240634eb0c5

Retrieved from "https://wiki.allizom.org/index.php?title=WebAppSec/Secure_Coding_Details&oldid=267124"