Skip cache on CSRF token

torchbox · Jul 29, 2024 · 5867f74 · 5867f74
1 parent 97aca3e
commit 5867f74
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cloudflare/workers.js b/cloudflare/workers.js
@@ -3,7 +3,7 @@
 // applied after this worker runs.
 
 // When any cookie in this list is present in the request, cache will be skipped
-const PRIVATE_COOKIES = ['sessionid'];
+const PRIVATE_COOKIES = ['sessionid', 'csrftoken'];
 
 // These querystring keys are stripped from the request as they are generally not
 // needed by the origin.