Ticket #14134: patch.diff

File patch.diff, 1.3 KB (added by cfattarsi@…, 5 years ago)

add CSRF_COOKIE_PATH option to settings.py

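--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -484,9 +484,9 @@
 # rejected by the CSRF middleware.
 CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
 
-# Name and domain for CSRF cookie.
-CSRF_COOKIE_NAME = 'csrftoken'
-CSRF_COOKIE_DOMAIN = None
+CSRF_COOKIE_NAME = 'csrftoken'                       # Cookie name.
+CSRF_COOKIE_PATH = '/'                               # The path of the csrf cookie.
+CSRF_COOKIE_DOMAIN = None                            # A string like ".lawrence.com", or None for standard domain cookie.
 
 ############
 # MESSAGES #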
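Review bot: The trailing comment on `CSRF_COOKIE_PATH` ("The path of the csrf cookie.") restates the name and does not tell a deployer what narrowing the path does or does not achieve. I would keep a block comment above the three settings and extend it, for example `# Name, path and domain for the CSRF cookie. The path only limits which request URLs the browser attaches the cookie to; it is not an isolation boundary between applications sharing a host.` The default of `'/'` keeps current behaviour, since `set_cookie` already defaults to `path='/'`. The patch as shown touches only two source files, so the settings reference documentation presumably still needs an entry for the new option.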
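--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -195,6 +195,7 @@
         # Set the CSRF cookie even if it's already set, so we renew the expiry timer.
         response.set_cookie(settings.CSRF_COOKIE_NAME,
                 request.META["CSRF_COOKIE"], max_age = 60 * 60 * 24 * 7 * 52,
+                path=settings.CSRF_COOKIE_PATH,
                 domain=settings.CSRF_COOKIE_DOMAIN)
         # Content varies with the CSRF cookie, so set the Vary header.
         patch_vary_headers(response, ('Cookie',))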
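Review bot: The new `path=settings.CSRF_COOKIE_PATH` argument to `response.set_cookie(...)` comes with no test in the patch as shown, and narrowing the path has a failure mode that should be pinned. Once the cookie is scoped to a sub-path, a POST to a URL outside that path arrives without the cookie and is rejected by the CSRF check. A test that overrides `CSRF_COOKIE_PATH` with a sub-path and asserts the `path` attribute of `response.cookies[settings.CSRF_COOKIE_NAME]` would cover the new line. It is also worth documenting that changing the value on a live site leaves the old `/`-scoped cookie in browsers until it expires, because a cookie with a different path is stored as a separate cookie. The enclosing function starts and ends outside the hunk.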