Retrieving csrftoken value with CSRF_USE_SESSIONS enabled

[Arthur Rio]

Hi,

While working on turning on CSRF_USE_SESSIONS for a project, I noticed that the documentation recommends the following to retrieve the value:

```

{% csrf_token %}

<script>

const csrftoken = document.querySelector('[name=csrfmiddlewaretoken]').value;

</script>

```

I am wondering why not doing the following instead?

```

<script>

const csrftoken = “{{ csrf_token }}";

</script>

```

Is there some other security benefits I’m not thinking of?

Regards

Arthur

[Dvs Khamele]

Hi do you hire contract based python/django freelancer?

 We can help you in this and related tasks at fair prices. Reply or send email to div...@pythonmate.com

Best Regards, 

Divyesh Khamele,

Pythonmate

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADOBPEHHoi8yY8cxyMa5jXjcz60MDFiOFW338g%2BAGwqBnEb84A%40mail.gmail.com.