Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
No CSRF cookie for docs pages #4153
Most doc pages are served directly from nginx, so is this a common issue in production?
I'd also imagine the footer API could be setting cookies, and would likely be called on all pages.
Looks like the 404 page also sets a cookie:
I tracked this problem down a little deeper. It looks like the cookie getting set unnecessarily is 100% due to the 404 page setting the CSRF cookie. The 404 page sets the CSRF cookie because of the set language form in the footer of the 404 page. I failed to notice this partially because some of our docs (notably https://docs.readthedocs.io/en/latest/) always have a 404 due to this (unnecessary?) line but others don't.
I see a couple solutions:
Just want to mention that we might need the same for the corporate site on the same files:
The other templates modified in PRs are not override in corporate, so nothing to do I suppose.