Django CSRF cookie HttpOnly

django csrf httponly
Mark picture Mark · Jun 2, 2012 · Viewed 14.5k times · Source

Is it possible to set the django csrf cookie to be http-only? Alike to SESSION_COOKIE_HTTPONLY with session cookie, but for the csrf one?

Answer

knite picture knite · Aug 27, 2013

A new setting, CSRF_COOKIE_HTTPONLY, is available in Django 1.6+.

Related questions

Django CSRF check failing with an Ajax POST request

I could use some help complying with Django's CSRF protection mechanism via my AJAX post. I've followed the directions here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ I've copied the AJAX sample code they have on that page …

Read More
CSRF verification failed. Request aborted

I try to build a very simple website where one can add data into sqlite3 database. I have a POST form with two text input. index.html: {% if top_list %} <ul> <b><pre>Name …

Read More
Django Rest Framework remove csrf

I know that there are answers regarding Django Rest Framework, but I couldn't find a solution to my problem. I have an application which has authentication and some functionality. I added a new app to it, which uses Django Rest …

Read More