Changes between Version 3 and Version 4 of Ticket #33836


Ignore:
Timestamp:
Jul 9, 2022, 11:17:23 PM (2 years ago)
Author:
Matías Santurio
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #33836 – Description

    v3 v4  
    11The default setting for CSRF_HEADER_NAME is 'HTTP_X_CSRFTOKEN' which is incompatible with modern web application servers (including django development server), this is because it includes an underscore, which these servers don't allow since it can lead to 'header-spoofing'.
    22
    3 I found this on 4.0 but it's present in 4.1 and dev aswell.
     3I found this on 4.0 but it's present in 4.1 and dev as well.
Back to Top