I think it is worth mentioning that Django enforces 'strict' referrer checking for secure (https) requests. Why is this important? Because if a cookie-backed implementation[0] is used, then subdomain or other cookie 'tossing'[1] is made harder, if not impossible.
[0] a random token stored in a cookie
[1] https://github.com/blog/1466-yummy-cookies-across-domains
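A simplified model of the point made in the comment above, added here as an illustration and not taken from the comment or from Django's source: a cookie-backed (double-submit) token check alone accepts a request whose cookie was set by a sibling subdomain, while the extra same-host Referer check on HTTPS requests rejects it. The function names, the request dict layout and the example.com hosts are assumptions.

```python
import hmac
from urllib.parse import urlsplit


def double_submit_ok(cookie_token, form_token):
    """Cookie-backed check: the token in the cookie must equal the submitted one."""
    return bool(cookie_token) and hmac.compare_digest(cookie_token, form_token)


def strict_referer_ok(referer, host):
    """Strict check for HTTPS: Referer must be present, https, and the same host."""
    if not referer:
        return False
    parts = urlsplit(referer)
    return parts.scheme == "https" and parts.netloc == host


def csrf_check(request, strict_referer=True):
    """Return a verdict string for a state-changing request (hypothetical layout)."""
    if not double_submit_ok(request["cookie_token"], request["form_token"]):
        return "reject: token mismatch"
    if request["secure"] and strict_referer:
        if not strict_referer_ok(request.get("referer"), request["host"]):
            return "reject: bad referer"
    return "accept"


# Constructed sample requests (not captured traffic).
LEGIT = {"secure": True, "host": "app.example.com",
         "referer": "https://app.example.com/settings",
         "cookie_token": "tok-server-issued", "form_token": "tok-server-issued"}

# A sibling subdomain set the cookie for the parent domain, so cookie and form
# token match even though the application never issued that value.
TOSSED = {"secure": True, "host": "app.example.com",
          "referer": "https://other.example.com/page",
          "cookie_token": "tok-from-sibling", "form_token": "tok-from-sibling"}

# The same request with the Referer header stripped.
NO_REFERER = dict(TOSSED, referer=None)

if __name__ == "__main__":
    print("legit:                  ", csrf_check(LEGIT))
    print("tossed, token only:     ", csrf_check(TOSSED, strict_referer=False))
    print("tossed, strict referer: ", csrf_check(TOSSED))
    print("no referer, strict:     ", csrf_check(NO_REFERER))
```
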