CSRF issue

[Claudy Focan]

Hello Guys,

for my projects, i need to be able to use login_ajax from other subdomains which are not manage by django,

so for sure will gonna have issue with the CSRF token, but i were thinking by adding my others subdomains into CSRF_TRUSTED_ORIGINS but unfortunatly is not working, i still get 403 for now this only stuff i found is  adding @csrf_exempt to the method login_user but is not very safe, do you have any idea to improve the security for this specific issue ?

Best

[t...@opencraft.com]

Hi Claudy,

The Open edX forums have moved to https://discuss.openedx.org, so you will have a better shot at getting an answer if you re-post your questions there.

Cheers,

Tim