Sunday, April 19, 2020

CSRF token still needed today?

iI look at this page: https://docs.djangoproject.com/en/3.0/ref/csrf/
... and then I look at this page: https://scotthelme.co.uk/csrf-is-dead/

Is a CSRF token still needed today?

All my users use a modern browser.

It would be very nice if I could get rid of the CSRF token.

Is there a safe way to avoid CSRF tokens in  my Django project?

Regards,
  Thomas

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/487c7392-e874-4a1e-a1ff-488ab933ae42%40googlegroups.com.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)