On Sun, Apr 19, 2020 at 1:12 PM guettli <guettli.goo...@thomas-guettler.de> wrote:
> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ > ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ > > Is a CSRF token still needed today? > > All my users use a modern browser. > > It would be very nice if I could get rid of the CSRF token. > > Is there a safe way to avoid CSRF tokens in my Django project? > > Regards, > Thomas > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For my projects, I am going to keep CSRF tokens. The time taken to put one in a template is minimal, and I don't run the risk of turning off CSRF somewhere and having that be the reason for an incident. -Jorge -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CANfN%3DK_PepV5HtWE34W-7CR-cQiPTsyv%2BTM5JNA7b7iocH0Uow%40mail.gmail.com.
