If the url name is not guessable (for example, it includes a secure random string, like django's forgot password url), that should provide enough security.
-- Though you can always pass in the csrf token using javascript:
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1a8bdb6a-8ed1-4e23-b56d-bd222d34471a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment