On Sun, Sep 5, 2010 at 7:49 PM, Patryk Zawadzki <pat...@pld-linux.org> wrote:
> If you really want to use POST in HTTP → HTTPS transitions, introduce
> settings.CSRF_WHATEVER, document it thoroughly and make it default to
> False.

Just for clarity -- when the flag is False and the current connection is
secure, the CSRF cookie should be sent with the "secure" flag enabled.

-- 
Patryk Zawadzki
