Changes between Initial Version and Version 1 of Ticket #16010, comment 10


Ignore:
Timestamp:
Jan 10, 2021, 7:00:21 PM (4 years ago)
Author:
Tim Graham

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #16010, comment 10

    initial v1  
    11While trying to make origin checking reuse the lists of hosts that referer checking uses, I noted that the values in the `CSRF_COOKIE_DOMAIN` and `CSRF_TRUSTED_ORIGINS` settings don't include the URL scheme (which the HTTP_ORIGIN header includes), and I'm not sure it's appropriate to discard the `HTTP_ORIGIN` header's scheme in the comparison.
    22
    3 I'm not sure if we need new settings but I see that [https://pypi.org/project/django-cors-headers/ djanog-cors-headers] has some:
     3I'm not sure if we need new settings but I see that [https://pypi.org/project/django-cors-headers/ django-cors-headers] has some:
    44
    55{{{
Back to Top