On August 4, 2014 at 3:52:56 PM, Wes Alvaro ([email protected]) wrote: > I don't see that as a drawback at all. Third party code should not be > concerned with the CSRF cookie information. There's a separation of > concerns that's being violated there. Are you speaking from knowledge of > 3rd party code needing access to this data or hypothetically? If you have > an example, I'd be interested to see why they are accessing it and why they > aren't implemented as a CSRF middleware. >
Well any thing with hardcoded cookie names in javascript would break with this setting although i’m inclined to say you shouldn’t change the setting in that case. -- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/etPan.53dfe589.6b8b4567.1280a%40Thor.local. For more options, visit https://groups.google.com/d/optout.
