reading more carefully, I see our docs don't mention CSRF_COOKIE_HTTPONLY so they aren't wrong. (They reference CSRF_COOKIE_SECURE) But also this suggests that no investigation has been done on potential side-effects.
reading more carefully, I see our docs don't mention CSRF_COOKIE_ HTTPONLY so they aren't wrong. (They reference CSRF_COOKIE_SECURE) But also this suggests that no investigation has been done on potential side-effects.