I've set this variable in the settings file like this:
我在设置文件中设置了这个变量,如下所示:
SESSION_COOKIE_HTTPONLY = True
but when I open the website with Google Chrome HttpOnly does not show up in set-cookie.
但是当我用谷歌Chrome打开网站时,HttpOnly没有显示在set-cookie中。
My webserver is Apache2.4, and the website is using Https protocol.
我的网络服务器是Apache2.4,网站使用的是Https协议。
1 个解决方案
#1
0
I think what you are looking for is CSRF_COOKIE_HTTPONLY. Add it to your setting:
我认为您正在寻找的是CSRF_COOKIE_HTTPONLY。将其添加到您的设置:
CSRF_COOKIE_HTTPONLY = True
PLease note that this will make sending AJAX requests a little harder. You will have to pull it from the page instead of getting it from the cookie.
请注意,这将使发送AJAX请求更加困难。您必须从页面中提取它,而不是从cookie中获取它。
Hope it helps!
希望能帮助到你!
#1
0
I think what you are looking for is CSRF_COOKIE_HTTPONLY. Add it to your setting:
我认为您正在寻找的是CSRF_COOKIE_HTTPONLY。将其添加到您的设置:
CSRF_COOKIE_HTTPONLY = True
PLease note that this will make sending AJAX requests a little harder. You will have to pull it from the page instead of getting it from the cookie.
请注意,这将使发送AJAX请求更加困难。您必须从页面中提取它,而不是从cookie中获取它。
Hope it helps!
希望能帮助到你!