Changes between Initial Version and Version 3 of Ticket #33836


Ignore:
Timestamp:
Jul 9, 2022, 11:17:10 PM (2 years ago)
Author:
Matías Santurio
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #33836

    • Property Owner changed from Matías Santurio to Matías Santurio
    • Property Resolutionfixed
    • Property Status assignedclosed
  • Ticket #33836 – Description

    initial v3  
    11The default setting for CSRF_HEADER_NAME is 'HTTP_X_CSRFTOKEN' which is incompatible with modern web application servers (including django development server), this is because it includes an underscore, which these servers don't allow since it can lead to 'header-spoofing'.
     2
     3I found this on 4.0 but it's present in 4.1 and dev aswell.
Back to Top