[Django] #27611: Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting


Django

Dec 16, 2016, 11:42:02 AM
to django-...@googlegroups.com
#27611: Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting
-------------------------------------+-------------------------------------
Reporter: Tim Graham                | Owner: Tim Graham
Type: Cleanup/optimization          | Status: assigned
Component: Core (System checks)     | Version: master
Severity: Normal                    | Keywords:
Triage Stage: Accepted              | Has patch: 0
Needs documentation: 0              | Needs tests: 0
Patch needs improvement: 0          | Easy pickings: 0
UI/UX: 0                            |
-------------------------------------+-------------------------------------
As discussed on
[https://groups.google.com/d/topic/django-developers/nXjfLd8ba5k/discussion django-developers],
`settings.CSRF_COOKIE_HTTPONLY` offers no practical benefit, so nudging
users to activate it isn't useful.

--
Ticket URL: <https://code.djangoproject.com/ticket/27611>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Dec 16, 2016, 11:54:39 AM
to django-...@googlegroups.com
#27611: Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting
-------------------------------------+-------------------------------------
Reporter: Tim Graham                | Owner: Tim Graham
Type: Cleanup/optimization          | Status: assigned
Component: Core (System checks)     | Version: master
Severity: Normal                    | Resolution:
Keywords:                           | Triage Stage: Accepted
Has patch: 0                        | Needs documentation: 0
Needs tests: 0                      | Patch needs improvement: 0
Easy pickings: 0                    | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Tim Graham):

[https://github.com/django/django/pull/7700 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/27611#comment:1>

Django

Dec 16, 2016, 11:59:18 AM
to django-...@googlegroups.com
#27611: Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting
-------------------------------------+-------------------------------------
Reporter: Tim Graham                | Owner: Tim Graham
Type: Cleanup/optimization          | Status: assigned
Component: Core (System checks)     | Version: master
Severity: Normal                    | Resolution:
Keywords:                           | Triage Stage: Accepted
Has patch: 1                        | Needs documentation: 0
Needs tests: 0                      | Patch needs improvement: 0
Easy pickings: 0                    | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

* has_patch: 0 => 1


Comment:

[https://github.com/django/django/pull/7700 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/27611#comment:2>

Django

Dec 19, 2016, 5:57:28 PM
to django-...@googlegroups.com
#27611: Remove check that suggests enabling CSRF_COOKIE_HTTPONLY setting
-------------------------------------+-------------------------------------
Reporter: Tim Graham                | Owner: Tim Graham
Type: Cleanup/optimization          | Status: closed
Component: Core (System checks)     | Version: master
Severity: Normal                    | Resolution: fixed
Keywords:                           | Triage Stage: Accepted
Has patch: 1                        | Needs documentation: 0
Needs tests: 0                      | Patch needs improvement: 0
Easy pickings: 0                    | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by GitHub <noreply@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"c27104a9c74bc9d9e552d41f53468b103749e110" c27104a]:
{{{
#!CommitTicketReference repository=""
revision="c27104a9c74bc9d9e552d41f53468b103749e110"
Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no
security.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/27611#comment:3>
