Hi David, could you please explain how cross site forgery requests can happen with the current default for cookies (SameSite=Lax)?
Am Montag, 20. April 2020 14:43:10 UTC+2 schrieb David Merrick: > > if you want cross site forgery requests get rid off it > > On Mon, Apr 20, 2020 at 10:45 PM Andréas Kühne <andrea...@hypercode.se > <javascript:>> wrote: > >> Why is it a problem to have? You add one specific command on all forms - >> or you disable it in the view.... >> >> What do you want to accomplish by removing it? >> >> Regards, >> >> Andréas >> >> >> Den sön 19 apr. 2020 kl 22:12 skrev guettli <guettl...@thomas-guettler.de >> <javascript:>>: >> >>> iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/ >>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/ >>> >>> Is a CSRF token still needed today? >>> >>> All my users use a modern browser. >>> >>> It would be very nice if I could get rid of the CSRF token. >>> >>> Is there a safe way to avoid CSRF tokens in my Django project? >>> >>> Regards, >>> Thomas >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django...@googlegroups.com <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/CAK4qSCeO0bkxsGYFc7t-V7%2BZnr965gYAG0oALB0ELtoJjojedg%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/django-users/CAK4qSCeO0bkxsGYFc7t-V7%2BZnr965gYAG0oALB0ELtoJjojedg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Dave Merrick > > TutorInvercargill > > http://tutorinvercargill.co.nz > > Daves Web Designs > > Website http://www.daveswebdesigns.co.nz > > Email merri...@gmail.com <javascript:> > > Ph 03 216 2053 > > Cell 027 3089 169 > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c33f7b81-2e74-480c-b1fe-acd5f28468ac%40googlegroups.com.
