Ability to set csrf cookie path and https-only plus add 'secure'
|Reported by:||cfattarsi@…||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||yes|
|Needs tests:||yes||Patch needs improvement:||yes|
This is useful if you have multiple Django instances running under the same hostname. The csrf cookies can use different cookie paths, and each instance will only see
its own csrf cookie. That text is taken almost directly from the SESSION_COOKIE_PATH documentation, it would be nice if csrf cookies worked the same way.
Change History (7)
Changed 5 years ago by cfattarsi@…
comment:1 Changed 5 years ago by SmileyChris
- Component changed from Uncategorized to Core framework
- Needs documentation set
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Design decision needed
comment:2 follow-up: ↓ 3 Changed 5 years ago by mtredinnick
- Patch needs improvement set
- Summary changed from Ability to set csrf cookie path to Ability to set csrf cookie path and https-only
- Triage Stage changed from Design decision needed to Accepted
comment:3 in reply to: ↑ 2 Changed 4 years ago by grendel
- Needs tests set
- Summary changed from Ability to set csrf cookie path and https-only to Ability to set csrf cookie path and https-only plus add 'secure'