Opened 8 years ago

Closed 8 years ago

#27611 closed Cleanup/optimization (fixed)

Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting

Reported by: Tim Graham
Owned by: Tim Graham
Component: Core (System checks)
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

As discussed on django-developers, settings.CSRF_COOKIE_HTTPONLY offers no practical benefit, so nudging users to activate it isn't useful.

Change History (2)

comment:2 by Tim Graham, 8 years ago

Has patch: set

comment:3 by GitHub <noreply@…>, 8 years ago

Resolution: fixed
Status: assigned → closed

In c27104a:

Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.
