Related info hard to find on the Internet...
Am using a Lynx web browser, connecting to a Django website.
Django is one of the foremost users of the CSRF (Cross Site Request Forgery) cookie to prevent XSF attacks.
Connecting from more conventional web browsers has no problem, eg Google Chrome debugging console acknowledges the cookie and continues.
On Lynx however, I'm getting a showstopper,
Code:
Forbidden (403)
CSRF verification failed, Request aborted.
Reason given for failure:
CSRF cookie not set
I've found hardly anything available anywhere about Lynx and CSRF, only information about Lynx and cookies. Based on that information, I determined that in the /etc/lynx.cfg the default install denies any/all use of cookies.
So, I went in and turned on cookies but not persistent cookies (I have no need to save cookies across app restarts or reboots).
But, that's not resolving the issue.
So, just wondering... If anyone has experience/knowledge of CSRF, and maybe how it is configured in Django (I'd be inclined to disable). Or anyone who might have a better understanding of how cookies might be read in Lynx so I might understand if anything can be done beyond simply enabling cookies support.
TIA,
TSU
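
A simplified model of the cookie-plus-form-token check behind the 403 quoted in the post, added here as an illustration; it is not code from the original post or from Django. The `Client` class, its `accept_cookies` flag and the second reason string are assumptions made for the example, and Django's real middleware also masks tokens and checks the Origin/Referer headers.

```python
import hmac
import secrets

COOKIE_NAME = "csrftoken"            # Django's default CSRF cookie name
FIELD_NAME = "csrfmiddlewaretoken"   # Django's default hidden form field


def handle_get():
    """Render a form: issue one token as both a cookie and a hidden field."""
    token = secrets.token_urlsafe(32)
    return {"set_cookie": {COOKIE_NAME: token}, "form": {FIELD_NAME: token}}


def handle_post(cookies, form):
    """Return (status, reason). The cookie is checked before the form token."""
    cookie_token = cookies.get(COOKIE_NAME)
    if not cookie_token:
        # The client never stored, or never sent back, the cookie.
        return 403, "CSRF cookie not set"
    form_token = form.get(FIELD_NAME, "")
    # Constant-time comparison of the two copies of the token.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return 403, "form token does not match cookie"  # wording is ours
    return 200, "OK"


class Client:
    """Hypothetical browser; accept_cookies models its cookie setting."""

    def __init__(self, accept_cookies):
        self.accept_cookies = accept_cookies
        self.jar = {}

    def submit_form(self):
        page = handle_get()
        if self.accept_cookies:
            self.jar.update(page["set_cookie"])
        # The hidden field is part of the HTML, so it is always echoed back,
        # even by a client that discarded the Set-Cookie header.
        return handle_post(self.jar, page["form"])


if __name__ == "__main__":
    print("cookies refused: ", Client(accept_cookies=False).submit_form())
    print("cookies accepted:", Client(accept_cookies=True).submit_form())
    print("mismatched token:", handle_post({COOKIE_NAME: "a"}, {FIELD_NAME: "b"}))
```

The first case reproduces the reason shown in the post: the form field arrives, but the request carries no `csrftoken` cookie, so the check fails before the token is ever compared.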