Question about CSRF changes in 1.0

[noahgorstein]

Hey folks. Been using Django Ninja for the past 6 months or so and it has been fantastic so thank you!

I was reading the high level release notes in the Github Release for v1.0RC and saw:

CSRF is now automatic on Cookie based authentication ( now you should be able to combine multiple cookie/header/etc authenticators and play around with csrf logic)

I was wondering if any of you folks could elaborate more on what this means and share a small example of what things we could do now that we couldn't before.

I have been wanting to disable CSRF to some of my routes that use Django cookie based auth (with csrf) in non prod envs controlled by some setting, etc. Like ideally I could disable csrf in certain envs but ensure it is active for prod. Let me know if that doesn't sense. To my knowledge I don't believe that has been possible, at least pre v1.0.