On August 4, 2014 at 3:52:56 PM, Wes Alvaro (he...@wesalvaro.com) wrote: > I don't see that as a drawback at all. Third party code should not be > concerned with the CSRF cookie information. There's a separation of > concerns that's being violated there. Are you speaking from knowledge of > 3rd party code needing access to this data or hypothetically? If you have > an example, I'd be interested to see why they are accessing it and why they > aren't implemented as a CSRF middleware. >
Well any thing with hardcoded cookie names in javascript would break with this setting although i’m inclined to say you shouldn’t change the setting in that case. -- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/etPan.53dfe589.6b8b4567.1280a%40Thor.local. For more options, visit https://groups.google.com/d/optout.
