morlandi / django-ajax-datatable

A Django app which provides the integration of a Django project with the jQuery Javascript library DataTables.net
MIT License
208 stars 64 forks

If csrftoken cookie is set to HttpOnly, getCookie will not be able to fetch the token #27

Closed shuki25 closed 3 years ago

shuki25 commented 3 years ago

Relates to issue #4 with more information.


If a Django project's settings set CSRF_COOKIE_HTTPONLY = True, then the GetCookie function will not work. It becomes a problem for us if we want to keep our site secure, including cookies, to prevent CSRF. Refer to the Django documentation for an alternative: Getting CSRF token value when CSRF_COOKIE_HTTPONLY=True

For more information about HttpOnly: HTTP cookie - Secure and HttpOnly
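
As an added example (not code from django-ajax-datatable or from this issue), here is a token lookup that first tries the cookie and then falls back to the hidden input rendered by Django's `{% csrf_token %}` tag, which is what the linked Django documentation recommends when CSRF_COOKIE_HTTPONLY = True. The `doc` parameter stands in for the browser `document`, and the page objects at the bottom are constructed test doubles.

```javascript
// Added example (not django-ajax-datatable's code): resolve the CSRF token
// for AJAX requests even when CSRF_COOKIE_HTTPONLY = True hides the cookie
// from JavaScript. Order: cookie (when readable), then the hidden
// <input name="csrfmiddlewaretoken"> rendered by Django's {% csrf_token %}.

// Parse a document.cookie string ("a=1; csrftoken=abc") and return one value.
function getCookie(name, cookieString) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// `doc` is a browser `document` (assumed interface: .cookie, .querySelector).
// Passing it in keeps the logic testable outside a browser.
function getCsrfToken(doc, cookieName = 'csrftoken') {
  const fromCookie = getCookie(cookieName, doc.cookie);
  if (fromCookie) return fromCookie;
  // HttpOnly cookie: fall back to the token Django rendered into the page.
  const input = doc.querySelector('input[name="csrfmiddlewaretoken"]');
  return input && input.value ? input.value : null;
}

// Headers for a same-origin AJAX POST; Django's CsrfViewMiddleware reads
// the token from the X-CSRFToken header (its default CSRF_HEADER_NAME).
function csrfHeaders(doc) {
  const token = getCsrfToken(doc);
  if (token === null) {
    throw new Error('No CSRF token: render {% csrf_token %} in the template');
  }
  return { 'X-CSRFToken': token, 'X-Requested-With': 'XMLHttpRequest' };
}

// Constructed stand-in for a page whose csrftoken cookie is HttpOnly:
// document.cookie exposes only the non-HttpOnly cookies, so the hidden
// input is the only readable source of the token.
const httpOnlyPage = {
  cookie: 'theme=dark',
  querySelector: (sel) =>
    sel === 'input[name="csrfmiddlewaretoken"]' ? { value: 'tok-from-form' } : null,
};

console.log(csrfHeaders(httpOnlyPage)['X-CSRFToken']); // tok-from-form
```

The fallback only works if the template that serves the DataTable page includes `{% csrf_token %}`, so the cookie can stay HttpOnly without the script losing access to the token.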

morlandi commented 3 years ago

Very interesting; thank you! I'll cope with it ASAP.

morlandi commented 3 years ago

Fixed merging PR #28