Changes between Initial Version and Version 1 of Ticket #16010, comment 10
- Timestamp:
- Jan 10, 2021, 7:00:21 PM (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #16010, comment 10
initial v1 1 1 While trying to make origin checking reuse the lists of hosts that referer checking uses, I noted that the values in the `CSRF_COOKIE_DOMAIN` and `CSRF_TRUSTED_ORIGINS` settings don't include the URL scheme (which the HTTP_ORIGIN header includes), and I'm not sure it's appropriate to discard the `HTTP_ORIGIN` header's scheme in the comparison. 2 2 3 I'm not sure if we need new settings but I see that [https://pypi.org/project/django-cors-headers/ djan og-cors-headers] has some:3 I'm not sure if we need new settings but I see that [https://pypi.org/project/django-cors-headers/ django-cors-headers] has some: 4 4 5 5 {{{