#35796: Add setting to sign CSRF cookie
-------------------------------------+-------------------------------------
     Reporter:  Benjamin  Zagorsky   |                    Owner:  (none)
         Type:  New feature          |                   Status:  closed
    Component:  CSRF                 |                  Version:  dev
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:  csrf cookie signing  |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

 * component:  Core (Other) => CSRF
 * easy:  1 => 0
 * keywords:  csrf cookie => csrf cookie signing
 * resolution:   => wontfix
 * status:  new => closed

Comment:

 Hello Benjamin!

 Adding a new setting to Django is quite controversial, and something that
 we try to avoid. Because of that, this requires an explicit agreement with
 the community. Besides the new setting proposal, I do understand that this
 report comes along with a new feature request, which would be adding
 "automatic" CSRF cookie signing to Django. For cases like this, the
 recommended path forward is to first propose and discuss the idea with the
 community and gain consensus. To do that, please consider starting a new
 conversation on the [https://forum.djangoproject.com/c/internals/5 Django
 Forum], where you'll reach a broader audience and receive additional
 feedback.

 I'll close the ticket for now, but if the community agrees with the
 proposal, please return to this ticket and reference the forum discussion
 so we can re-open it. For more information, please refer to
 [https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-features/#requesting-features
 the documented guidelines for requesting features].

 Thanks!
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35796#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
