[GeoNode-devel] Reg: Use of httponly flag for cookie in GeoNode

Naresh N naresh919 at gmail.com
Mon Aug 19 02:35:40 PDT 2019


Dear all,

The following changes were made to enable the HTTPOnly flag for cookies:

1. In settings.py: CSRF_COOKIE_HTTPONLY=True
2. The X-CSRFToken value is set using jQuery:
   var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();

After making the above changes, layers are not getting uploaded and it shows
"CSRF validation failed". Please find the attached screenshot with this mail.

Kindly help me to fix the issue. Apart from the above-mentioned places, do any
other places need changes?

Thanks&Regards,
Naresh.N


On Fri, Aug 16, 2019 at 1:46 PM Naresh N <naresh919 at gmail.com> wrote:

> Dear All,
>
> Kindly help regarding the httponly flag for cookie use in GeoNode.
>
> Thanks&Regards,
> Naresh.N
>
> On Wed, Aug 14, 2019 at 3:03 PM Naresh N <naresh919 at gmail.com> wrote:
>
>> Dear All,
>>
>> We have used GeoNode for the development of our portal.
>> As a part of security measures, we have to use cookies set with the httponly
>> flag. I have enabled the flag CSRF_COOKIE_HTTPONLY as true in
>> settings.py; then upload layers and other ajax_requests functions are
>> not working.
>>
>> Please suggest how to overcome this. Which places in the code need to
>> be modified?
>>
>> Thanks&Regards,
>> Naresh.N
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csrf.PNG
Type: image/png
Size: 208197 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20190819/7e81b381/attachment-0001.png>
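
Added example, not part of the original message and not GeoNode's own code: the two changes described above, written as the pattern Django documents for CSRF_COOKIE_HTTPONLY, where the token is read from the csrfmiddlewaretoken field and sent as X-CSRFToken only on unsafe, same-origin requests. The helper names (csrfSafeMethod, sameOrigin, readCsrfToken, csrfHeadersFor) are hypothetical.

```javascript
// Added example (not GeoNode code). With CSRF_COOKIE_HTTPONLY = True the
// csrftoken cookie is invisible to document.cookie, so the token must come
// from the hidden csrfmiddlewaretoken input that {% csrf_token %} renders.

// Methods that Django's CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method || "GET");
}

// True only when `url` resolves to the page's own origin, so the token is
// never attached to a request going to another host.
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: do not send the token
  }
}

// Read the token from the DOM; returns null when the page rendered no
// {% csrf_token %} field, in which case no header can be sent.
function readCsrfToken(doc) {
  var field = doc.querySelector("[name=csrfmiddlewaretoken]");
  return field && field.value ? field.value : null;
}

// Decide which header (if any) a request should carry.
function csrfHeadersFor(method, url, token, pageOrigin) {
  if (!token || csrfSafeMethod(method) || !sameOrigin(url, pageOrigin)) {
    return {};
  }
  return { "X-CSRFToken": token };
}

// Browser wiring: applies to every request sent through jQuery.ajax.
if (typeof jQuery !== "undefined" && typeof document !== "undefined") {
  jQuery.ajaxSetup({
    beforeSend: function (xhr, settings) {
      var headers = csrfHeadersFor(settings.type, settings.url,
        readCsrfToken(document), window.location.origin);
      Object.keys(headers).forEach(function (name) {
        xhr.setRequestHeader(name, headers[name]);
      });
    }
  });
}
```

Requests made outside jQuery (raw XMLHttpRequest or fetch) bypass ajaxSetup and need the header set on them separately, and a page that does not render the csrfmiddlewaretoken field gives readCsrfToken nothing to return.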

