OK, thanks everyone for the replies. It looks like I'll have to regenerate the secret_key (not token). Thankfully, I have not actually deployed the site yet. So the pain should be minimal and limited to just me.
On Friday, September 25, 2015 at 3:34:37 AM UTC-7, Gordon Reeder wrote: > > I'm learning Django and still very new at it. And like a newbie, I may > have made a newbie goof. > I have leaked my CSRF token. > I am building up a web site with Django which I have under revision > control with Git. I have pushed two commits of the project out to Github. > The commits included the settings.py file, which list the CSRF token. I > have read (after the fact) that maybe that wasn't the smartest thing to do. > > So now what? > > Can I remove the settings.py file from Github? > Or can I generate a new CSRF token? > > Any suggestions? > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/912c4a9b-6058-429a-8b02-c2645b464faa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
