Hi Vermus, Calling this a security "breach" is a bit inaccurate; but I certainly agree that it is good practice to make the framework undetectable from the client side.
That's why there's a setting that does exactly what you suggest: https://docs.djangoproject.com/en/1.8/ref/settings/#csrf-cookie-name Yours, Russ Magee %-) On Tue, Apr 28, 2015 at 3:27 PM, Vermus <[email protected]> wrote: > Hi, i found, that my site is detected by > http://trends.builtwith.com/framework/Django-CSRF by crfstoken header. > I think, it's security breach, when users know what framework is used on > server side. > There must have such web server tuning, that no one can detect framework > and server side programming language. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/768a1d03-e749-428a-8094-4a2d2f27e873%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/768a1d03-e749-428a-8094-4a2d2f27e873%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq84_eWoKaAwpYWeGkMa%3DZMFNAh3Qxe0REqBtydDRPYRpBmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
