Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.

Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
Aymeric Augustin 2013-02-07 09:48:08 +01:00
parent 6afc85af47
commit 720888a146
6 changed files with 23 additions and 2 deletions

@ -491,6 +491,7 @@ Settings
A number of settings can be used to control Django's CSRF behavior:
* :setting:`CSRF_COOKIE_DOMAIN`
* :setting:`CSRF_COOKIE_HTTPONLY`
* :setting:`CSRF_COOKIE_NAME`
* :setting:`CSRF_COOKIE_PATH`
* :setting:`CSRF_COOKIE_SECURE`
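
Review bot: the new CSRF_COOKIE_HTTPONLY entry in this Settings list is only a cross-reference, so nothing visible here tells a reader that an HttpOnly cookie cannot be read by client-side JavaScript. If this document also describes reading the token from the cookie in script for AJAX requests, add a sentence there saying that enabling the setting means the token has to come from somewhere else, such as the rendered form field. The alphabetical placement between CSRF_COOKIE_DOMAIN and CSRF_COOKIE_NAME is correct. Since the commit message calls the flag optional, the setting reference this entry links to should state its default explicitly.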