Opened 14 years ago
Closed 14 years ago
#14907 closed (wontfix)
Document the settings affecting csrf cookie
Reported by: | wiml | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | 1.2 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I think it would be helpful to describe the settings which affect the CSRF cookie in the csrf documentation.
Here is some text which could be appended to docs/ref/contrib/csrf.txt (modeled after the similar section in the session documentation):
Settings ======== A few :ref:`Django settings <ref-settings>` give you control over the CSRF cookie: CSRF_COOKIE_NAME ---------------- Default: ``csrftoken`` The name of the cookie to use for CSRF tokens. CSRF_COOKIE_DOMAIN ------------------ Default: ``None`` The domain to use for the CSRF cookie. See :meth:`HttpResponse.set_cookie()`.
Note:
See TracTickets
for help on using tickets.
These settings are documented: http://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_DOMAIN
Whether the settings for contrib apps should be documented solely in the settings documentation, solely in their respective ref/contrib sections, or in some combination of both is the subject of #14633. If you care to give an opinion on the subject, a comment on #14633 is the place to do it.
Thanks for the report, though!