#33360: Add missing support for `Origin: null` (`CSRF_TRUSTED_ORIGINS`)
-------------------------------------+-------------------------------------
Reporter: Tomasz Wójcik | Owner: nobody
Type: Uncategorized | Status: new
Component: CSRF | Version: 4.0
Severity: Normal | Resolution:
Keywords: | Triage Stage:
origin,CSRF_TRUSTED_ORIGINS,null | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tomasz Wójcik):
I don't think I have the power to summon someone, but in 16010 Adam
Johnson has been CCed and he once wrote
[https://github.com/adamchainz/django-cors-
headers/issues/241#issuecomment-315537226 browsers send `Origin: null` for
localhost/127.0.0.1]
(I will try anyway): CC Adam Johnson please confirm if it still holds
true.
--
Ticket URL: <https://code.djangoproject.com/ticket/33360#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.4de3f8661ba849d91f0cd42dff138310%40djangoproject.com.
