Proposal: Make CSRF token validation for other HTTP Methods (PUT, PATCH, DELETE) The Same as POST

2017-05-06 Thread Tom Christie
> If this is a terrible Idea, I would like to know why POST requests are the
> only methods that allows the CSRF token to be sent along with the payload
> directly instead of setting the token in the Header.
That behaviour is because GET and POST are the only two methods supported by browsers f

Fellow Report - May 6, 2017

2017-05-06 Thread Tim Graham
Triaged
---
https://code.djangoproject.com/ticket/28156 - User.has_perm always returns False for a custom permission inherited from group (invalid)
https://code.djangoproject.com/ticket/28123 - django.utils.html.smart_urlquote() is incorrectly parsing the query string (accepted)
https:

Proposal: provide postgresql powered full-text search in djangoproject.com

2017-05-06 Thread Paolo Melchiorre
Hello, on djangoproject.com the search is powered by Elasticsearch. Since the site uses PostgreSQL as its database backend, I want to propose using the Full-Text Search function provided by the django.contrib.postgres.search module. I presented a talk "Full-Text Search in Django with PostgreSQL" at t

Proposal: Make CSRF token validation for other HTTP Methods (PUT, PATCH, DELETE) The Same as POST

2017-05-06 Thread Osaetin Daniel
I came across this issue because I'm building a SPA with Vue and Django Rest Framework as the backend. I'm using SessionAuthentication, which requires that the CSRF token must be sent along with the data for HTTP methods that change state on the server; if not, the request would be flagged as inv

Django bugfix release: 1.11.1

2017-05-06 Thread Tim Graham
Details are available on the Django project weblog: https://www.djangoproject.com/weblog/2017/may/06/bugfix-release/