On Monday, August 4, 2014 4:21:43 PM UTC+2, Michael Mior wrote: > > This looks good, although it seems like there should be a config setting > as I could imagine some use cases where the application expects the token > not to change in this way. I'm not sure how common this and whether or not > such a setting should be enabled by default, but I think it should be > considered. >
Any example for such an App? Ajax single page apps might come to mind -- Docs would also need updates, as currently the CSRF token is saved in a JS variable… -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/967e40d5-fd53-4fa0-9560-51f5f6b8d847%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
