[GeoNode-devel] Reg: Use of httponly flag for cookie in GeoNode
naresh919 at gmail.com
Tue Aug 20 04:05:42 PDT 2019
I could able to resolve the issue. The following changes are done.
1. Settings.py * CSRF_COOKIE_HTTPONLY=True*
*2.* In following files *X-CSRFToken* value is assigned using the var
csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
On Mon, Aug 19, 2019 at 3:05 PM Naresh N <naresh919 at gmail.com> wrote:
> Dear all,
> The following changes are made to enable HTTPOnly flag for cookies
> 1. In settings.py * CSRF_COOKIE_HTTPONLY=True*
> 2.* X-CSRFToken* value is set using the jquery -- *var csrftoken =
> After doing the above changes layers are not getting upload and showing
> CSRF validation failed. Please find the attached screenshot with this mail.
> Kindly help me to fix the issue. Apart from above mentioned places is any
> other places need changes?
> On Fri, Aug 16, 2019 at 1:46 PM Naresh N <naresh919 at gmail.com> wrote:
>> Dear All,
>> Kindly help on regarding httponly flag for cookie use in GeoNode.
>> On Wed, Aug 14, 2019 at 3:03 PM Naresh N <naresh919 at gmail.com> wrote:
>>> Dear All,
>>> We have used GeoNode for development of our portal.
>>> As a part of security measures,we have to use cookie set with httponly
>>> flag. I have enabled the flag CSRF_COOKIE_HTTPONLY as true in
>>> settings.py, then* upload layers* and other *ajax_requsts functions
>>> are not working.*
>>> Please suggest how to over come this. Which are all the places need to
>>> modify the code.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the geonode-devel