Hi do you hire contract based python/django freelancer? We can help you in this and related tasks at fair prices. Reply or send email to [email protected] Best Regards, Divyesh Khamele, Pythonmate
On Thu, 1 Oct 2020, 6:31 pm Arthur Rio, <[email protected]> wrote: > Hi, > > While working on turning on CSRF_USE_SESSIONS for a project, I noticed > that the documentation recommends the following to retrieve the value: > > ``` > {% csrf_token %} > <script> > const csrftoken = > document.querySelector('[name=csrfmiddlewaretoken]').value; > </script> > ``` > > I am wondering why not doing the following instead? > > ``` > <script> > const csrftoken = “{{ csrf_token }}"; > </script> > ``` > > Is there some other security benefits I’m not thinking of? > > Regards > > Arthur > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CADOBPEHHoi8yY8cxyMa5jXjcz60MDFiOFW338g%2BAGwqBnEb84A%40mail.gmail.com > <https://groups.google.com/d/msgid/django-users/CADOBPEHHoi8yY8cxyMa5jXjcz60MDFiOFW338g%2BAGwqBnEb84A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAH9mneXSsVbUTuj%3D94mzTxf%3DzUj6pw8i8ga33rOcDk02Ty9H3Q%40mail.gmail.com.
