The cookie generated by the CSRF middleware contains the 'Secure' attribute, which means that the cookie can be transferred only over HTTPS. When using a strict HTTP client and the HTTP protocol (unsecured), the cookie will not be sent in the following requests.
It would be good to check the incoming request for the type of protocol and set the 'Secure' attribute based on that.
Potentially even X-Forwarded-For headers.
In production it makes sense to use HTTPS, so this issue will not occur often.
But, for example, for testing there is no need for HTTPS at all, and in such a case this is an issue.
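
One way to make the per-request decision the issue asks for, as an added example that is not the middleware's own code. The function names, the cookie name `csrf_token`, the trusted-proxy ranges and the use of the `X-Forwarded-Proto` header to carry the original scheme are assumptions of this sketch.

```python
import ipaddress
from http.cookies import SimpleCookie

# Assumed deployment detail: addresses of reverse proxies that terminate TLS.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]


def client_used_https(scheme, peer_ip, headers):
    """Decide whether the client-facing hop of this request was HTTPS."""
    if scheme == "https":          # TLS terminated by the application itself
        return True
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False               # forwarded headers from unknown peers are ignored
    lowered = {k.lower(): v for k, v in headers.items()}
    # If proxies append values, the last one was written by the trusted peer.
    proto = lowered.get("x-forwarded-proto", "").split(",")[-1].strip().lower()
    return proto == "https"


def csrf_set_cookie(token, scheme, peer_ip, headers):
    """Return the Set-Cookie header value for the CSRF token."""
    jar = SimpleCookie()
    jar["csrf_token"] = token
    morsel = jar["csrf_token"]
    morsel["path"] = "/"
    morsel["samesite"] = "Lax"
    if client_used_https(scheme, peer_ip, headers):
        morsel["secure"] = True    # set Secure only when the client connection was HTTPS
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed requests: plain-HTTP test client, then a TLS-terminating proxy.
    print(csrf_set_cookie("abc123", "http", "127.0.0.1", {}))
    print(csrf_set_cookie("abc123", "http", "10.0.0.5", {"X-Forwarded-Proto": "https"}))
```

Ignoring the forwarded header from peers outside the trusted list keeps a direct client from influencing the attribute with a header it sets itself.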