disable http csrf cookie param so it can be sent via ajax

2017-03-20 08:54:36 +00:00 · 2017-03-20 08:54:36 +00:00 · 8ec4cea078
parent 4afc2c2127
commit 8ec4cea078
1 changed files with 2 additions and 1 deletions
--- a/config/settings/stage.py
+++ b/config/settings/stage.py
@ -41,7 +41,8 @@ SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 #SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
 CSRF_COOKIE_SECURE = True
-CSRF_COOKIE_HTTPONLY = True
+#disabledd so csrf works with ajax
+CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'

 # SITE CONFIGURATION