Opened 7 years ago
Closed 7 years ago
#27611 closed Cleanup/optimization (fixed)
Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting
| Reported by: | Tim Graham | Owned by: | Tim Graham |
|---|---|---|---|
| Component: | Core (System checks) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As discussed on django-developers, settings.CSRF_COOKIE_HTTPONLY offers no practical benefit, so nudging users to activate it isn't useful.
Note:
See TracTickets
for help on using tickets.
PR