From 8ec4cea0782ae595aa09f901417447d18ce47777 Mon Sep 17 00:00:00 2001
From: Oly
Date: Mon, 20 Mar 2017 08:54:36 +0000
Subject: [PATCH] disable http csrf cookie param so it can be sent via ajax

---
 config/settings/stage.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/settings/stage.py b/config/settings/stage.py
index c50dff0..cd6a73c 100644
--- a/config/settings/stage.py
+++ b/config/settings/stage.py
@@ -41,7 +41,8 @@ SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 #SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
 CSRF_COOKIE_SECURE = True
-CSRF_COOKIE_HTTPONLY = True
+#disabledd so csrf works with ajax
+CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 
 # SITE CONFIGURATION
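Review bot: The new comment above `CSRF_COOKIE_HTTPONLY = False` is misspelled and does not record the trade-off: with HttpOnly off, any script running on the page, injected ones included, can read the `csrftoken` cookie. Django also supports keeping the flag at `True` and having the AJAX code take the token from the DOM (the hidden `csrfmiddlewaretoken` input rendered by `{% csrf_token %}`) and send it in the `X-CSRFToken` header, which avoids loosening the cookie. If the flag stays off, I would write the comment as `# HttpOnly off so JS can read csrftoken for the X-CSRFToken header; an XSS can read it too`. Only `config/settings/stage.py` is touched here, so it is worth confirming the production settings (not visible in this patch) are meant to match, otherwise stage and production will behave differently for AJAX posts.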