Do you think it's worth a new setting to allow customizing the CSRF token name ('csrfmiddlewaretoken')?
It was proposed 9 years ago in https://code.djangoproject.com/ticket/12738 and closed as wontfix absent some justification. It was again proposed a few days ago in https://github.com/django/django/pull/10305 with the rationale: Wappalyzer identifies Django application with "csrfmiddlewaretoken" input name. https://github.com/AliasIO/Wappalyzer/blob/master/src/apps.json#L2471 I guess the idea is trying to obscure the fact that a site runs Django for some "security by obscurity." -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/01b25887-823e-4008-9ad4-51f80e7c2590%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.