Jan 19, 2017

Django HTTP only CSRF cookie

Django sets a CSRF cookie to protect against cross-site request forgeries. By default this cookie is accessible to JavaScript running on your web page. That means the cookie is also readable by any malicious script running on that page. ...
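An added example (not from the original post) that audits the attributes on a csrftoken Set-Cookie header: both header lines are constructed, the first matching Django's default output and the second what CSRF_COOKIE_HTTPONLY, CSRF_COOKIE_SECURE and CSRF_COOKIE_SAMESITE in settings.py produce.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header as Django emits it with default settings:
# no HttpOnly, no Secure, no SameSite attribute.
DEFAULT_HEADER = "csrftoken=abc123; Max-Age=31449600; Path=/"

# Constructed Set-Cookie header after hardening in settings.py:
#   CSRF_COOKIE_HTTPONLY = True
#   CSRF_COOKIE_SECURE = True
#   CSRF_COOKIE_SAMESITE = "Lax"
HARDENED_HEADER = (
    "csrftoken=abc123; Max-Age=31449600; Path=/; Secure; HttpOnly; SameSite=Lax"
)


def audit_csrf_cookie(set_cookie_header, name="csrftoken"):
    """Return the protective attributes missing from the named cookie.

    Returns None when the header does not set that cookie at all, otherwise a
    list such as ["HttpOnly", "Secure"]; an empty list means nothing is missing.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if name not in jar:
        return None
    morsel = jar[name]
    missing = []
    # SimpleCookie stores flag attributes as True when present and "" otherwise.
    if not morsel.get("httponly"):
        missing.append("HttpOnly")
    if not morsel.get("secure"):
        missing.append("Secure")
    # SameSite parsing needs Python 3.8+; older versions report it as missing.
    if not morsel.get("samesite"):
        missing.append("SameSite")
    return missing


if __name__ == "__main__":
    for label, header in (("default", DEFAULT_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, "missing:", audit_csrf_cookie(header))
```

Once the cookie is HttpOnly, front-end code can no longer read the token from document.cookie and has to take it from the csrfmiddlewaretoken form field or the {{ csrf_token }} template variable instead. Django's own documentation describes HttpOnly on this cookie as offering little practical protection, since a script already running on the page can read the token from the DOM anyway.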