diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 23:00:22 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 23:00:22 +0000 |
| commit | 8cbcf1d3a60a0ba1a6f3ddde9317ac07b67c6c5d (patch) | |
| tree | 3c3167a0ee242211f6b2637e62c99ff34a896d15 /docs/ref | |
| parent | a75120927e52210c062cd54d1cf2a6968b507cf5 (diff) | |
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 25 | ||||
| -rw-r--r-- | docs/ref/settings.txt | 29 |
2 files changed, 54 insertions, 0 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 88e9523719..b42dc26fbd 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -423,6 +423,31 @@ Default: ``'csrftoken'`` The name of the cookie to use for the CSRF authentication token. This can be whatever you want. +CSRF_COOKIE_PATH +---------------- + +.. versionadded:: 1.4 + +Default: ``'/'`` + +The path set on the CSRF cookie. This should either match the URL path of your +Django installation or be a parent of that path. + +This is useful if you have multiple Django instances running under the same +hostname. They can use different cookie paths, and each instance will only see +its own CSRF cookie. + +CSRF_COOKIE_SECURE +------------------ + +.. versionadded:: 1.4 + +Default: ``False`` + +Whether to use a secure cookie for the CSRF cookie. If this is set to ``True``, +the cookie will be marked as "secure," which means browsers may ensure that the +cookie is only sent under an HTTPS connection. + CSRF_FAILURE_VIEW ----------------- diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index f8a5e0f640..f5f1226f21 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -340,6 +340,35 @@ Default: ``'csrftoken'`` The name of the cookie to use for the CSRF authentication token. This can be whatever you want. See :doc:`/ref/contrib/csrf`. +.. setting:: CSRF_COOKIE_PATH + +CSRF_COOKIE_PATH +---------------- + +.. versionadded:: 1.4 + +Default: ``'/'`` + +The path set on the CSRF cookie. This should either match the URL path of your +Django installation or be a parent of that path. + +This is useful if you have multiple Django instances running under the same +hostname. They can use different cookie paths, and each instance will only see +its own CSRF cookie. + +.. setting:: CSRF_COOKIE_SECURE + +CSRF_COOKIE_SECURE +------------------ + +.. versionadded:: 1.4 + +Default: ``False`` + +Whether to use a secure cookie for the CSRF cookie. If this is set to ``True``, +the cookie will be marked as "secure," which means browsers may ensure that the +cookie is only sent under an HTTPS connection. + .. setting:: CSRF_FAILURE_VIEW CSRF_FAILURE_VIEW |
