#29858: CSRF Token headers and documentation
-------------------------------+--------------------------------------
Reporter: StewPoll | Owner: nobody
Type: Uncategorized | Status: closed
Component: Documentation | Version: 2.1
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Tim Graham):
* status: new => closed
* resolution: => invalid
Comment:
The difference is explained on the
[https://docs.djangoproject.com/en/dev/ref/settings/#csrf-header-name
settings reference] page:
As with other HTTP headers in `request.META`, the header name received
from the server is normalized by converting all characters to uppercase,
replacing any hyphens with underscores, and adding an `'HTTP_'` prefix to
the name. For example, if your client sends a `'X-XSRF-TOKEN'` header, the
setting should be `'HTTP_X_XSRF_TOKEN'`.
--
Ticket URL: <https://code.djangoproject.com/ticket/29858#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.e3653adfeb3993c605516378e45a16fd%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
