﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
17563	See:  https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works, at point 4	Klaas van Schelven	nobody	"Django does strict referer checking in the CSRF mechanism. See:

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works, at point 4

Security-aware people may, however, turn referer headers off. This leads to 403 errors for them.

The ""feature"" is not strictly necessary; at the moment of switching to HTTPS one could erase any HTTP cookies."	Uncategorized	closed	Uncategorized	1.3	Normal	wontfix			Unreviewed	0	0	0	0	0	0
