2

The Problem:

In Django 1.9, CSRF_TRUSTED_ORIGINS was added to the available settings, which allows you to, for example, access the application from all the subdomains:

CSRF_TRUSTED_ORIGINS = ["*.example.com"]

Which is exactly what we need.

The problem is, we've got a legacy system with Django 1.6 (don't ask, it is sad). Cannot upgrade.

And, in Django 1.6 the origin check is built/hardcoded into the csrf middleware.


The Question: What is the best way to approach the problem? Custom csrf middleware instead of the built-in?

Would appreciate any pointers.

alecxe

1 Answer

0

Fixed, basically, by backporting the csrf middleware from Django 1.9 manually to be compatible with Django 1.6. Not pretty, but works at the moment.

alecxe
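
The core of what a backported CSRF middleware has to do for HTTPS requests, as an added example that is not part of the original answer and is not Django's own code: a stand-alone sketch of the Referer comparison against a trusted-origins list, using the leading-dot subdomain form (`.example.com`) that Django 1.9 documents for CSRF_TRUSTED_ORIGINS. The function names and sample hosts are assumptions, and port handling is left out.

```python
# Added example: stand-alone sketch of the HTTPS Referer check with trusted origins.
try:
    from urllib.parse import urlparse   # Python 3
except ImportError:
    from urlparse import urlparse       # Python 2, which Django 1.6 also supports


def is_same_domain(host, pattern):
    """Match host against pattern; a leading dot also allows subdomains."""
    if not pattern:
        return False
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        # ".example.com" matches "example.com" and any "<sub>.example.com"
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def check_referer(referer, request_host, trusted_origins):
    """Return None if the Referer is acceptable, else a rejection reason."""
    if not referer:
        return "no referer"
    parsed = urlparse(referer)
    if not parsed.scheme or not parsed.netloc:
        return "malformed referer"
    if parsed.scheme != "https":
        return "insecure referer"
    # The request's own host is always acceptable, plus the configured origins.
    good_hosts = list(trusted_origins) + [request_host]
    if any(is_same_domain(parsed.netloc, h) for h in good_hosts):
        return None
    return "referer %s is not a trusted origin" % parsed.netloc


# Constructed sample values, not taken from the original post.
TRUSTED = [".example.com"]

if __name__ == "__main__":
    for ref in ("https://shop.example.com/cart", "https://example.com/",
                "https://notexample.com/", "http://shop.example.com/"):
        print(ref, "->", check_referer(ref, "app.example.com", TRUSTED))
```

In a real middleware this check would run only when `request.is_secure()` is true, with the list read from settings, before the usual token comparison.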