mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.

Browse Source
This commit is contained in:
Mariusz Felisiak
2023-01-12 12:47:42 +01:00
parent daf88e778b
commit e01970e9d2
8 changed files with 9 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/releases/4.1.txt
View File

@@ -98,16 +98,15 @@ See :ref:`the Forms section (below)<forms-4.1>` for full details.
``CSRF_COOKIE_MASKED`` setting
------------------------------
The new :setting:`CSRF_COOKIE_MASKED` transitional setting allows specifying
whether to mask the CSRF cookie.
The new ``CSRF_COOKIE_MASKED`` transitional setting allows specifying whether
to mask the CSRF cookie.
:class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF
cookie like it does the CSRF token in the DOM. If you are upgrading multiple
instances of the same project to Django 4.1, you should set
:setting:`CSRF_COOKIE_MASKED` to ``True`` during the transition, in
order to allow compatibility with the older versions of Django. Once the
transition to 4.1 is complete you can stop overriding
:setting:`CSRF_COOKIE_MASKED`.
``CSRF_COOKIE_MASKED`` to ``True`` during the transition, in order to allow
compatibility with the older versions of Django. Once the transition to 4.1 is
complete you can stop overriding ``CSRF_COOKIE_MASKED``.
This setting is deprecated as of this release and will be removed in Django
5.0.