On 31 Aug 2015, at 14:24, Carl Meyer wrote:
This solution is more powerful than just using CSRF_COOKIE_DOMAIN,
since
it also allows for separate-domain CORS situations in addition to
cross-subdomain requests. So I would consider this to be a good fix
for
\#24496; I don't think we need another ticket.
Great. I was able to get this together tonight.
* PR #5218 is open: https://github.com/django/django/pull/5218
* Ticket #24496 updated:
https://code.djangoproject.com/ticket/24496#comment:14
* Direct link to the patch:
https://code.djangoproject.com/attachment/ticket/24496/24496.diff
Feedback appreciated.
--jk
***
[me](http://kehn.us) | [@joshkehn](https://twitter.com/joshkehn)
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/9E391BE9-ECE3-4567-BF4F-B15C45A6C626%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
