#11566: CSRF documentation problem
------------------------------------+---------------------------------------
Reporter: benlbroussard | Owner: nobody
Status: closed | Milestone:
Component: Documentation | Version: 1.0
Resolution: invalid | Keywords:
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
------------------------------------+---------------------------------------
Changes (by lukeplant):
* status: new => closed
* needs_better_patch: => 0
* resolution: => invalid
* needs_tests: => 0
* needs_docs: => 0
Comment:
Cross-domain img, css etc. requests are not "XMLHttpRequest requests", and
they are irrelevant because you cannot get the browser to set the X
-Requested-With header for those requests. As for XMLHttpRequest itself,
by looking at logs etc., I've verified that I cannot produce a cross-
domain GET request or POST request using XMLHttpRequest (with the browsers
I've tested at least). So this bug report appears to be invalid. If
there are some browsers where you can use XMLHttpRequest to do a cross-
domain request, please re-open, indicating which browsers.
--
Ticket URL: <http://code.djangoproject.com/ticket/11566#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
