You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CSRF is now automatic on Cookie based authentication ( now you should be able to combine multiple cookie/header/etc authenticators and play around with csrf logic)
I was wondering if any of you folks could elaborate more on what this means and share a small example of what things we could do now that we couldn't before.
I have been wanting to disable CSRF to some of my routes that use Django cookie based auth (with csrf) in non prod envs controlled by some setting, etc. Like ideally I could disable csrf in certain envs but ensure it is active for prod. Let me know if that doesn't sense. To my knowledge I don't believe that has been possible, at least pre v1.0.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hey folks. Been using Django Ninja for the past 6 months or so and it has been fantastic so thank you!
I was reading the high level release notes in the Github Release for v1.0RC and saw:
I was wondering if any of you folks could elaborate more on what this means and share a small example of what things we could do now that we couldn't before.
I have been wanting to disable CSRF to some of my routes that use Django cookie based auth (with csrf) in non prod envs controlled by some setting, etc. Like ideally I could disable csrf in certain envs but ensure it is active for prod. Let me know if that doesn't sense. To my knowledge I don't believe that has been possible, at least pre v1.0.
Beta Was this translation helpful? Give feedback.
All reactions