I've implemented a simple Django app deployed on Heroku to test out integration with VGS but it throws an error relating to CSRF verification failing. How do you recommend sites using VGS prevent CSRF attacks without using a cookie

Make sure that you are using the same domain for all requests.

For example: 

this way you can set the cookie domain value to example.com and the browser will send it to the proxy and the website that serves the unprotected content without having to disable cookies or CSRF. Another option may be using CSRF protection mechanism that doesn't require cookies (i.e. via sessions).

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.