On Sun, Apr 19, 2020 at 1:12 PM guettli <[email protected]> wrote:
> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ > ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ > > Is a CSRF token still needed today? > > All my users use a modern browser. > > It would be very nice if I could get rid of the CSRF token. > > Is there a safe way to avoid CSRF tokens in my Django project? > > Regards, > Thomas > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For my projects, I am going to keep CSRF tokens. The time taken to put one in a template is minimal, and I don't run the risk of turning off CSRF somewhere and having that be the reason for an incident. -Jorge -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CANfN%3DK_PepV5HtWE34W-7CR-cQiPTsyv%2BTM5JNA7b7iocH0Uow%40mail.gmail.com.
