Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.

2025-10-31 09:41:08 +00:00 · 2021-01-12 19:55:02 -05:00
parent 9bf5e9418f
commit dba44a7a7a
8 changed files with 89 additions and 7 deletions
--- a/docs/ref/checks.txt
+++ b/docs/ref/checks.txt
@@ -123,6 +123,9 @@ upgrading Django.
 * **2_0.W001**: Your URL pattern ``<pattern>`` has a ``route`` that contains
  ``(?P<``, begins with a ``^``, or ends with a ``$``. This was likely an
  oversight when migrating from ``url()`` to :func:`~django.urls.path`.
+* **4_0.E001**: As of Django 4.0, the values in the
+  :setting:`CSRF_TRUSTED_ORIGINS` setting must start with a scheme (usually
+  ``http://`` or ``https://``) but found ``<hostname>``.

 Caches
 ------