Hi,
While working on turning on CSRF_USE_SESSIONS for a project, I noticed that the documentation recommends the following to retrieve the value:
```
{% csrf_token %}
<script>
const csrftoken = document.querySelector('[name=csrfmiddlewaretoken]').value;
</script>
```
I am wondering: why not do the following instead?
```
<script>
const csrftoken = "{{ csrf_token }}";
</script>
```
Are there some other security benefits I'm not thinking of?
Regards
Arthur
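
An added example, not part of the original post or of the Django documentation: one way the token read from the `csrfmiddlewaretoken` input can be attached to requests, sending it only on unsafe methods to the page's own origin. `X-CSRFToken` is Django's default header name; the function names, `pageOrigin` and `fetchImpl` parameters are assumptions made for this sketch.

```javascript
// Methods Django's CSRF middleware does not check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read the token from the hidden input rendered by {% csrf_token %}.
// `doc` is anything with querySelector (the browser's `document`).
function readCsrfToken(doc) {
  const input = doc.querySelector("[name=csrfmiddlewaretoken]");
  if (!input || !input.value) {
    throw new Error("csrfmiddlewaretoken input not found in the page");
  }
  return input.value;
}

// True only for state-changing requests to the page's own origin, so the
// token is never sent to another host (including //host/path URLs).
function needsCsrfToken(method, url, pageOrigin) {
  const target = new URL(url, pageOrigin);
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  return sameOrigin && !SAFE_METHODS.has(method.toUpperCase());
}

// fetch wrapper (hypothetical helper): adds X-CSRFToken when required.
function csrfFetch(doc, pageOrigin, url, options = {}, fetchImpl = globalThis.fetch) {
  const method = options.method || "GET";
  const headers = { ...(options.headers || {}) };
  if (needsCsrfToken(method, url, pageOrigin)) {
    headers["X-CSRFToken"] = readCsrfToken(doc);
  }
  const target = new URL(url, pageOrigin).href;
  return fetchImpl(target, { ...options, method, headers, credentials: "same-origin" });
}

// In a browser page this would be called as:
//   csrfFetch(document, window.location.origin, "/api/items/", { method: "POST" });
```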