Avoid hard-coding the csrf cookie name #11524

Open
jacobtylerwalls opened this issue Oct 3, 2024 · 1 comment

Comments

@jacobtylerwalls
Member

Throughout the frontend, we assume that the name of the CSRF cookie is `csrftoken`. That's the default supplied by Django, but it's configurable via `CSRF_COOKIE_NAME`, and especially as we move to arches applications architectures, we might want to start disambiguating it?

Suggest that we expose this setting to the frontend so that, for example, a Vue frontend no longer hard-codes this default name.

@chiatt chiatt added this to pipeline Oct 3, 2024
@jacobtylerwalls
Member Author

May as well handle `CSRF_HEADER_NAME` at the same time.
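
An added example, not part of the issue thread or the Arches code base: a frontend helper that takes both names from backend-supplied settings instead of hard-coding `csrftoken`. The `csrfSettings` object, the function names and the sample values are assumptions; the `HTTP_` conversion reflects how Django stores `CSRF_HEADER_NAME` in `request.META` form.

```javascript
// Added example: csrfSettings, metaKeyToHeaderName, readCookie and
// csrfHeaders are hypothetical names, not part of the Arches code base.

// Constructed sample of what the backend could serialize for the frontend,
// mirroring Django's CSRF_COOKIE_NAME and CSRF_HEADER_NAME settings.
const csrfSettings = {
    cookieName: "arches_csrftoken",        // constructed non-default value
    headerName: "HTTP_X_ARCHES_CSRFTOKEN", // constructed, request.META form
};

// Django stores CSRF_HEADER_NAME in request.META form ("HTTP_X_CSRFTOKEN").
// A client must send the wire form: drop "HTTP_", turn "_" into "-".
function metaKeyToHeaderName(metaKey) {
    if (!/^HTTP_[A-Z0-9_]+$/.test(metaKey)) {
        throw new Error(`Unexpected CSRF header setting: ${metaKey}`);
    }
    return metaKey.slice("HTTP_".length).replace(/_/g, "-");
}

// Exact-name cookie lookup so that "csrftoken" never matches "my_csrftoken".
function readCookie(cookieString, name) {
    for (const part of cookieString.split(";")) {
        const eq = part.indexOf("=");
        if (eq === -1) continue;
        if (part.slice(0, eq).trim() === name) {
            return decodeURIComponent(part.slice(eq + 1).trim());
        }
    }
    return null;
}

// Build the CSRF header for an unsafe (POST/PUT/DELETE) same-origin request.
function csrfHeaders(settings, cookieString) {
    const token = readCookie(cookieString, settings.cookieName);
    if (token === null) {
        throw new Error(`CSRF cookie "${settings.cookieName}" not found`);
    }
    return { [metaKeyToHeaderName(settings.headerName)]: token };
}

// Constructed cookie string; in a browser this would be document.cookie.
const sampleCookies = "sessionid=abc; arches_csrftoken=tok123; csrftoken=stale";
console.log(csrfHeaders(csrfSettings, sampleCookies));
```

Failing loudly when the configured cookie is missing surfaces a settings mismatch between backend and frontend instead of silently sending a request that Django will reject with a 403.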
