Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie

Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Luke Plant 2011-05-09 23:00:22 +00:00
parent a75120927e
commit 8cbcf1d3a6
5 changed files with 76 additions and 8 deletions

@ -423,6 +423,31 @@ Default: ``'csrftoken'``
The name of the cookie to use for the CSRF authentication token. This can be
whatever you want.
CSRF_COOKIE_PATH
----------------
.. versionadded:: 1.4
Default: ``'/'``
The path set on the CSRF cookie. This should either match the URL path of your
Django installation or be a parent of that path.
This is useful if you have multiple Django instances running under the same
hostname. They can use different cookie paths, and each instance will only see
its own CSRF cookie.
CSRF_COOKIE_SECURE
------------------
.. versionadded:: 1.4
Default: ``False``
Whether to use a secure cookie for the CSRF cookie. If this is set to ``True``,
the cookie will be marked as "secure," which means browsers may ensure that the
cookie is only sent under an HTTPS connection.
CSRF_FAILURE_VIEW
-----------------
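
Review bot: In the CSRF_COOKIE_SECURE paragraph, "browsers may ensure that the cookie is only sent under an HTTPS connection" is too hedged for a security setting and does not say what the default of ``False`` implies. Suggest stating that a cookie marked secure is only sent by the browser over HTTPS, that with the default the CSRF cookie also travels over plain HTTP, and that a site served only over HTTPS should set this to ``True``. A pointer to SESSION_COOKIE_SECURE, which plays the same role for the session cookie, would help readers set both together.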

@ -340,6 +340,35 @@ Default: ``'csrftoken'``
The name of the cookie to use for the CSRF authentication token. This can be whatever you
want. See :doc:`/ref/contrib/csrf`.
.. setting:: CSRF_COOKIE_PATH
CSRF_COOKIE_PATH
----------------
.. versionadded:: 1.4
Default: ``'/'``
The path set on the CSRF cookie. This should either match the URL path of your
Django installation or be a parent of that path.
This is useful if you have multiple Django instances running under the same
hostname. They can use different cookie paths, and each instance will only see
its own CSRF cookie.
.. setting:: CSRF_COOKIE_SECURE
CSRF_COOKIE_SECURE
------------------
.. versionadded:: 1.4
Default: ``False``
Whether to use a secure cookie for the CSRF cookie. If this is set to ``True``,
the cookie will be marked as "secure," which means browsers may ensure that the
cookie is only sent under an HTTPS connection.
.. setting:: CSRF_FAILURE_VIEW
CSRF_FAILURE_VIEW
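
Review bot: In the CSRF_COOKIE_PATH entry, "each instance will only see its own CSRF cookie" holds only when the instances are given separate, non-nested paths. With the default of ``'/'``, or with a path that is a parent of another instance's path (which the preceding sentence allows), the browser sends the cookie to every instance under that prefix. Suggest saying so explicitly, and noting that the cookie path narrows where the browser sends the cookie but is not an isolation boundary between applications on one hostname. The two new entries also repeat the text of the other documentation hunk verbatim; ending each with "See :doc:`/ref/contrib/csrf`", as the CSRF_COOKIE_NAME entry above does, would keep the two copies from drifting apart.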