encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-01-24 16:24:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
6ec6ddea9b
django-rest-framework/rest_framework/templates
History
Luka Jeran 6ec6ddea9b
Avoid inline script execution for injecting CSRF token (#7016) 
Scripts with type="application/json" or "text/plain" are not executed, so we can
use them to inject dynamic CSRF data, without allowing inline-script execution
in Content-Security-Policy.
2022-11-29 16:10:32 +00:00
..
rest_framework Avoid inline script execution for injecting CSRF token (#7016) 2022-11-29 16:10:32 +00:00