19 Apr. 2020 at 22:12, guettli <
>>> guettl...@thomas-guettler.de> wrote:
>>>
>>>> I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
>>>> ... and then I look at this page:
>>>> https://scotthelme.co.uk/csrf-is-dead/
>>>>
The original blog post you posted seems to answer this question. Further it
states "It's going to be a long time until we can consider removing
traditional anti-CSRF mechanisms but adding SameSite on top of those gives
us an incredibly robust defence." Like most things in security, I think
this is
On Sunday, 19 April 2020 at 23:11:59 UTC+2, Alex Heyden wrote:
>
> Django supports samesite on session cookies now, and it's on (set to lax)
> by default. Whether or not that completely covers your surface risk to CSRF
> attacks is a somewhat different question.
>
>
AFAIK they can not happen.
ject.com/en/3.0/ref/csrf/
>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>>
>> Is a CSRF token still needed today?
>>
>> All my users use a modern browser.
>>
>> It would be very nice if I could get rid of the CSRF token.
>>
>
>
>>
>> On Sun, 19 Apr. 2020 at 22:12, guettli wrote:
>>
>>> I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
>>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>>>
>>> Is a CSRF tok
gards,
>
> Andréas
>
>
> On Sun, 19 Apr. 2020 at 22:12, guettli <
> guettli.goo...@thomas-guettler.de> wrote:
>
>> I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
>> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dea
ge: https://docs.djangoproject.com/en/3.0/ref/csrf/
> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>
> Is a CSRF token still needed today?
>
> All my users use a modern browser.
>
> It would be very nice if I could get rid of the CSRF token.
>
> Is t
com/en/3.0/ref/csrf/
> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>
> Is a CSRF token still needed today?
>
> All my users use a modern browser.
>
> It would be very nice if I could get rid of the CSRF token.
>
> Is there a safe way to avoid CSR
On Sun, Apr 19, 2020 at 1:12 PM guettli
wrote:
> I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
> ... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
>
> Is a CSRF token still needed today?
>
> All my users use a modern browser.
>
I look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/
Is a CSRF token still needed today?
All my users use a modern browser.
It would be very nice if I could get rid of the CSRF token.
Is there a safe way