Comments (4)
https://docs.djangoproject.com/en/1.9/ref/settings/#std:setting-CSRF_COOKIE_HTTPONLY
from django-markdownx.
Sorry, I don't quite understand. I have set this to true, and the behavior of the markdownx-widget changed.
from django-markdownx.
I was looking at using this package on djangoproject.com and also ran into this issue. If you don't want to change this, it could be useful to document that the package doesn't work with CSRF_COOKIE_HTTPONLY=True, but is there a reason the CSRF token couldn't be retrieved from a form input instead?
from django-markdownx.
In my opinion, CSRF_COOKIE_HTTPONLY = True is misleading security advice. Look also at https://groups.google.com/forum/#!topic/django-developers/nXjfLd8ba5k to get the idea.
However, if HTTP COOKIE is helping you out with something else, it could be a point to support injecting the token into a hidden input field.
from django-markdownx.
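The form-input approach raised in the comments above, as an added example that is not part of the thread and is not django-markdownx's code: read the token from the hidden field that Django's `{% csrf_token %}` tag renders, and fall back to the cookie only when it is readable. `csrfmiddlewaretoken`, `csrftoken` and `X-CSRFToken` are Django's default names; the function names are hypothetical.

```javascript
// Added example, not the project's code. Function names are hypothetical;
// csrfmiddlewaretoken, csrftoken and X-CSRFToken are Django's defaults.

// Read the token from the hidden input rendered by {% csrf_token %}:
// <input type="hidden" name="csrfmiddlewaretoken" value="...">
function tokenFromForm(doc) {
  const input = doc.querySelector('input[name="csrfmiddlewaretoken"]');
  return input && input.value ? input.value : null;
}

// Cookie fallback. With CSRF_COOKIE_HTTPONLY = True the cookie is never
// exposed in document.cookie, so this returns null in that configuration.
function tokenFromCookie(cookieString, name = 'csrftoken') {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Prefer the form field so the widget works with either cookie setting.
function getCsrfToken(doc) {
  return tokenFromForm(doc) || tokenFromCookie(doc.cookie);
}

// Headers for a same-origin AJAX POST. Fails closed when no token is
// available instead of sending a request the server will reject with 403.
function csrfHeaders(doc) {
  const token = getCsrfToken(doc);
  if (!token) throw new Error('CSRF token not found in form or cookie');
  return { 'X-CSRFToken': token };
}
```

In a browser, pass `document` as `doc` and merge the result into the request headers of the upload or preview call.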