Hi,
While working on turning on CSRF_USE_SESSIONS for a project, I noticed that
the documentation recommends the following to retrieve the value:
```
{% csrf_token %}
<script>
const csrftoken =
document.querySelector('[name=csrfmiddlewaretoken]').value;
</script>
```
I am wondering why not doing the following instead?
```
<script>
const csrftoken = “{{ csrf_token }}";
</script>
```
Is there some other security benefits I’m not thinking of?
Regards
Arthur
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CADOBPEHHoi8yY8cxyMa5jXjcz60MDFiOFW338g%2BAGwqBnEb84A%40mail.gmail.com.
