settings: remove CSRF_COOKIE_HTTPONLY setting (#20)
Setting CSRF_COOKIE_HTTPONLY breaks the Django REST framework HTML forms UI
since it uses JavaScript to query the CSRF token.
rjw57 committed Sep 8, 2016
1 parent 968f22f commit 48e6417
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion edpcmentoring/edpcmentoring/settings.py
Expand Up @@ -120,7 +120,6 @@
# Various security settings
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'

# These settings require that we are *definitely* being served over HTTP+TLS.
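
Review bot: The removal of CSRF_COOKIE_HTTPONLY = True from the "Various security settings" block leaves nothing in settings.py to say why it is absent, so a later hardening pass could put it back and break the Django REST framework HTML forms UI again. Consider leaving a short comment in its place, next to X_FRAME_OPTIONS = 'DENY', recording that the setting is intentionally left at its default because that UI reads the CSRF token from JavaScript, as the commit message states.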