Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Name of CSRF cookie is hard-coded.
See original GitHub issueHey folks,
I’ve run into a problem with CSRF while using Dash with Django. The gist of it is that the route handler in our setup used for processing the _dash-update-component call requires CSRF (not something we can turn off). This is all fine, however, api.js in dash-renderer
hardcodes the name of the cookie to read the token from
'X-CSRFToken': cookie.parse(document.cookie)._csrf_token
This means that we have to either change our cookie names across the project, or simply not use dash. I’d rather use it cause it’s a great product, but I can’t change our cookie name across the board.
Would it be possible to make this value configurable?
Thanks!
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:7 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I believe that we aren’t actually using this token anymore, as we removed CSRF protection in https://github.com/plotly/dash/pull/146. This logic wasn’t removed in the dash front-end, and so I believe we are safe to remove it.
We’re merging
dash-rendererinto thedashrepo. Moving this issue to thedashrepo in case anyone is interested in following up. As mentioned we’d happily accept a PR to make the cookie and header configurable.