Opened 4 years ago

Closed 4 years ago

#14907 closed (wontfix)

Document the settings affecting csrf cookie

Reported by: wiml Owned by: nobody
Component: Documentation Version: 1.2
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I think it would be helpful to describe the settings which affect the CSRF cookie in the csrf documentation.

Here is some text which could be appended to docs/ref/contrib/csrf.txt (modeled after the similar section in the session documentation):

Settings
========

A few :ref:`Django settings <ref-settings>` give you control over the CSRF cookie:

CSRF_COOKIE_NAME
----------------

Default: ``csrftoken``

The name of the cookie to use for CSRF tokens.

CSRF_COOKIE_DOMAIN
------------------

Default: ``None``

The domain to use for the CSRF cookie. See :meth:`HttpResponse.set_cookie()`.

Change History (1)

comment:1 Changed 4 years ago by gabrielhurley

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

These settings are documented: http://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_DOMAIN

Whether the settings for contrib apps should be documented solely in the settings documentation, solely in their respective ref/contrib sections, or in some combination of both is the subject of #14633. If you care to give an opinion on the subject, a comment on #14633 is the place to do it.

Thanks for the report, though!

Note: See TracTickets for help on using tickets.
Back to Top