On Sat, 18 Aug 2018 21:27:02 +0200 Adam Johnson <m...@adamj.eu> wrote:
> I'm not sure introducing this change because one analyzer tool > currently picks up on the signal is a great reason, only a little bit > of potential obscurity is gained. Especially since it's a problem for > big sites deploying it, as Aymeric points out we'd need to write a > shim. > +1. On Sat, 18 Aug 2018 at 18:31, Aymeric Augustin <aymeric.augus...@polytechnique.org> wrote: > Perhaps we could reuse settings.CSRF_COOKIE_NAME there instead of the > hardcoded "csrfmiddlewaretoken"? That would meet the stated goal > without introducing a new setting. Also it feels sensible to me to > use the same name for the input and the cookie. This sort of reuse feels wrong to me -- if we do allow changing the name, I'd be -0.5 on reusing the setting and tying these two names to eachother. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/20180818231621.2a75327b.shai%40platonix.com. For more options, visit https://groups.google.com/d/optout.
