id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33836	Incompatible default setting for CSRF_HEADER_NAME	Matías Santurio	Matías Santurio	"The default setting for CSRF_HEADER_NAME is 'HTTP_X_CSRFTOKEN' which is incompatible with modern web application servers (including django development server), this is because it includes an underscore, which these servers don't allow since it can lead to 'header-spoofing'.

I found this on 4.0 but it's present in 4.1 and dev aswell."	Bug	closed	CSRF	4.0	Normal	fixed	CSRF settings		Unreviewed	0	0	0	0	0	0