|Reported by:|PaulM|Owned by:|PaulM|
|Has patch:|no|Needs documentation:|no|
|Needs tests:|no|Patch needs improvement:|no|

This is a ticket to keep track of general CSRF improvements we want to add to Django.
- #16010 - add Origin checking
- Optionally tie CSRF to sessions
- Use signing to improve CSRF (maybe with sessions)
- Improve domain/host checking - deal with the subdomain to subdomain problem