mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -280,6 +280,8 @@ CSRF checks:: | |||||||
|     >>> from django.test import Client |     >>> from django.test import Client | ||||||
|     >>> csrf_client = Client(enforce_csrf_checks=True) |     >>> csrf_client = Client(enforce_csrf_checks=True) | ||||||
|  |  | ||||||
|  | .. _csrf-limitations: | ||||||
|  |  | ||||||
| Limitations | Limitations | ||||||
| =========== | =========== | ||||||
|  |  | ||||||
|   | |||||||
| @@ -319,11 +319,15 @@ CSRF_COOKIE_DOMAIN | |||||||
| Default: ``None`` | Default: ``None`` | ||||||
|  |  | ||||||
| The domain to be used when setting the CSRF cookie.  This can be useful for | The domain to be used when setting the CSRF cookie.  This can be useful for | ||||||
| allowing cross-subdomain requests to be exluded from the normal cross site | easily allowing cross-subdomain requests to be exluded from the normal cross | ||||||
| request forgery protection.  It should be set to a string such as | site request forgery protection.  It should be set to a string such as | ||||||
| ``".lawrence.com"`` to allow a POST request from a form on one subdomain to be | ``".lawrence.com"`` to allow a POST request from a form on one subdomain to be | ||||||
| accepted by accepted by a view served from another subdomain. | accepted by accepted by a view served from another subdomain. | ||||||
|  |  | ||||||
|  | Please note that the presence of this setting does not imply that Django's CSRF | ||||||
|  | protection is safe from cross-subdomain attacks by default - please see the | ||||||
|  | :ref:`CSRF limitations <csrf-limitations>` section. | ||||||
|  |  | ||||||
| .. setting:: CSRF_COOKIE_NAME | .. setting:: CSRF_COOKIE_NAME | ||||||
|  |  | ||||||
| CSRF_COOKIE_NAME | CSRF_COOKIE_NAME | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user