id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35796	Add setting to sign CSRF cookie	Benjamin  Zagorsky		"Django should have a setting `CSRF_COOKIE_SIGNED` that uses the cookie signing infrastructure to sign the CSRF cookie.  This would enable sites running on a subdomain of a shared domain name (ex. [SUBDOMAIN].herokuapp.com) to have protection from cookie tampering (reducing the caveat currently under https://docs.djangoproject.com/en/5.1/ref/csrf/#csrf-limitations).

This setting should initially default to `False` for backwards compatibility, although this could be changed in a future major release."	New feature	new	Core (Other)	dev	Normal		csrf cookie		Unreviewed	0	0	0	0	1	0
