Avoid hard-coding the csrf cookie name

Question

Avoid hard-coding the csrf cookie name

Opened this issue 3 months ago · 1 comments

Throughout the frontend, we assume that the name of the CSRF cookie is csrftoken. That's the default supplied by Django, but it's configurable via CSRF_COOKIE_NAME, and especially as we move to arches applications architectures, we might want to start disambiguating it?

Suggest that we expose this setting to the frontend so that, for example, a vue frontend no longer hard codes this default name.

Answer 1 · 2024-10-03T14:10:54.000Z

May as well handle CSRF_HEADER_NAME at the same time.