Changes between Version 3 and Version 4 of Ticket #33836
- Timestamp:
- Jul 9, 2022, 11:17:23 PM (2 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #33836 – Description
v3 v4 1 1 The default setting for CSRF_HEADER_NAME is 'HTTP_X_CSRFTOKEN' which is incompatible with modern web application servers (including django development server), this is because it includes an underscore, which these servers don't allow since it can lead to 'header-spoofing'. 2 2 3 I found this on 4.0 but it's present in 4.1 and dev as well.3 I found this on 4.0 but it's present in 4.1 and dev as well.