[GeoNode-devel] Reg: Use of httponly flag for cookie in GeoNode

Naresh N naresh919 at gmail.com
Mon Aug 19 02:35:40 PDT 2019

Dear all,

The following changes are made to enable HTTPOnly flag for cookies

1. In settings.py   * CSRF_COOKIE_HTTPONLY=True*
2.* X-CSRFToken* value is set using the  jquery -- *var csrftoken =

After doing the above changes layers are not getting upload and showing
CSRF validation failed. Please find the attached screenshot with this mail.

Kindly  help me to fix the issue. Apart from above mentioned places is any
other places need changes?


On Fri, Aug 16, 2019 at 1:46 PM Naresh N <naresh919 at gmail.com> wrote:

> Dear All,
> Kindly help on regarding httponly flag for cookie use in GeoNode.
> Thanks&Regards,
> Naresh.N
> On Wed, Aug 14, 2019 at 3:03 PM Naresh N <naresh919 at gmail.com> wrote:
>> Dear All,
>> We have used GeoNode for development of  our portal.
>> As a part of security measures,we have to use cookie set with httponly
>> flag.  I have  enabled the flag CSRF_COOKIE_HTTPONLY  as true in
>> settings.py,  then* upload layers* and other *ajax_requsts functions are
>> not working.*
>> Please suggest how to over come this. Which are all the places need to
>> modify the code.
>> Thanks&Regards,
>> Naresh.N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20190819/7e81b381/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csrf.PNG
Type: image/png
Size: 208197 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20190819/7e81b381/attachment-0001.png>

More information about the geonode-devel mailing list