Hi David, could you please explain how cross site forgery requests can happen with the current default for cookies (SameSite=Lax)?
On Monday, 20 April 2020 14:43:10 UTC+2, David Merrick wrote:
>
> if you want cross site forgery requests get rid of it
>
> On Mon, Apr 20, 2020 at 10:45 PM Andréas Kühne <[email protected]> wrote:
>
>> Why is it a problem to have? You add one specific command on all forms -
>> or you disable it in the view....
>>
>> What do you want to accomplish by removing it?
>>
>> Regards,
>>
>> Andréas
>>
>>
>> On Sun, 19 Apr 2020 at 22:12, guettli <[email protected]> wrote:
>>
>>> I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
>>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>>>
>>> Is a CSRF token still needed today?
>>>
>>> All my users use a modern browser.
>>>
>>> It would be very nice if I could get rid of the CSRF token.
>>>
>>> Is there a safe way to avoid CSRF tokens in my Django project?
>>>
>>> Regards,
>>> Thomas
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com
>>>
>
> --
> Dave Merrick

