Wednesday, June 30, 2021

In django you can either obtain a `csrftoken` from a cookie or the form can generate a nonce `csrftoken`. How does django validate both?

In django you can either obtain a `csrftoken` from a cookie. Or the form can generate a nonce `csrftoken`. How does django validate both and where are they stored on the server. Are they stored as part of the session?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/83f3da74-ecbc-4197-9627-0c9ab9e8492fn%40googlegroups.com.

No comments:

Post a Comment