<div dir="ltr"><div>Dear all,</div><div><br></div><div>The following changes are made to enable HTTPOnly flag for cookies</div><div><br></div><div>1. In settings.py <b> CSRF_COOKIE_HTTPONLY=True</b></div><div>2.<b> X-CSRFToken</b> value is set using the jquery -- <b>var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();</b></div><div><br></div><div>After doing the above changes layers are not getting upload and showing CSRF validation failed. Please find the attached screenshot with this mail.</div><div><br></div><div>Kindly help me to fix the issue. Apart from above mentioned places is any other places need changes?</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 16, 2019 at 1:46 PM Naresh N <<a href="mailto:naresh919@gmail.com">naresh919@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear All,<div><br></div><div>Kindly help on regarding httponly flag for cookie use in GeoNode.</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 14, 2019 at 3:03 PM Naresh N <<a href="mailto:naresh919@gmail.com" target="_blank">naresh919@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear All,<div><br></div><div>We have used GeoNode for development of our portal.</div><div>As a part of security measures,we have to use cookie set with httponly flag. I have enabled the flag CSRF_COOKIE_HTTPONLY as true in settings.py, then<b> upload layers</b> and other <b>ajax_requsts functions are not working.</b></div><div><br></div><div>Please suggest how to over come this. Which are all the places need to modify the code.</div><div><br></div><div>Thanks&Regards,</div><div>Naresh.N</div></div>
</blockquote></div>
</blockquote></div>