This mailing list is for the development of Django itself, not for support
using Django. Please use the django-users mailing list for that, or IRC
#django on freenode, or a site like Stack Overflow.
On Fri, 15 Mar 2019 at 18:25, Guillermo Yáñez Feliú
wrote:
> Hello,
>
>
> I’m working in a
Hello,
I’m working in a project that consists in converting a local postgresql
database (that uses sqlalchemy as the ORM) into a web application, in which
I upload excel sheets, read them, do some small cleaning and then upload
selected data into a postgresql database using Django’s ORM.
Hi Flavio,
On Friday, March 15, 2019 at 2:56:16 PM UTC+1, Flávio Junior wrote:
>
> > shouldn't httponly yes/no control whether JS can read the data?
>
> Yes. But, on Django, the default is httponly false for CSRF cookie.
>
So even without httponly, Safari doesn't allow JS to read the CSRF
Hi Florian, thanks for your response.
> So this is a Safari bug?
Yes. Lax doesn't work as intended in Safari 12. Bug was confirmed here:
https://bugs.webkit.org/show_bug.cgi?id=188165#c37 (comment 37)
Apple also says the newest beta versions of iOS/Mac should fix the
issue:
Hi All,
Django 2.2rc1 is scheduled for today. There's a single release blocker that
just needs a little work:
https://github.com/django/django/pull/10978
As such, I'm looking towards Monday at this point.
Final release on April 1 should be unaffected.
Kind Regards,
Carlton
--
You
I am wondering if this also results in
https://code.djangoproject.com/ticket/29975 or if this is just a result of
their tracking protection. All in all it would be great to know what Safari
actually does… (sadly I do not own a Mac :/) I'll dig through #30250 soon.
> - User will not be logged
