Shouldn't we consider putting the CSRF token on the deprecation list 
anyway?
All browsers released later than 2017 support the 'SameSite' cookie 
attribute <https://caniuse.com/?search=SameSite>, making the CSRF token 
obsolete.
I don't know what kind of policy the Django Project follows in deprecating 
browsers, but we can expect 
that IE, Edge<16, Safari<12, Chrome<51, etc. won't play a major role when 
Django-4 (or maybe 5?) is released.

Strictly speaking, the CSRF token is a hack/workaround which in an ideal 
world shouldn't be required anyway.
And it always has been painful having to fiddle with it in my Django Form 
Views.

Just my two cents,
Jacob 
