Hi, While working on turning on CSRF_USE_SESSIONS for a project, I noticed that the documentation recommends the following to retrieve the value:
``` {% csrf_token %} <script> const csrftoken = document.querySelector('[name=csrfmiddlewaretoken]').value; </script> ``` I am wondering why not doing the following instead? ``` <script> const csrftoken = “{{ csrf_token }}"; </script> ``` Is there some other security benefits I’m not thinking of? Regards Arthur -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADOBPEHHoi8yY8cxyMa5jXjcz60MDFiOFW338g%2BAGwqBnEb84A%40mail.gmail.com.