Do you think it's worth a new setting to allow customizing the CSRF token
name ('csrfmiddlewaretoken')?
It was proposed 9 years ago in https://code.djangoproject.com/ticket/12738
and closed as wontfix absent some justification.
It was again proposed a few days ago in
https://github.com/django/django/pull/10305 with the rationale:
Wappalyzer identifies Django application with "csrfmiddlewaretoken" input
name.
https://github.com/AliasIO/Wappalyzer/blob/master/src/apps.json#L2471
I guess the idea is trying to obscure the fact that a site runs Django for
some "security by obscurity."
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/01b25887-823e-4008-9ad4-51f80e7c2590%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
