From the course: Securing Django Applications
Enabling CSRF tokens in Django - Django Tutorial
- CSRF attacks, also known as cross-site request forgery attacks, allow an attacker to automatically execute code in a web browser on behalf of a user. The danger of a CSRF attack is that it can be invisible to the user. For example, an attacker could attempt to transfer money on a bank website on behalf of the user. Another type of attack could attempt to change a user's email address or password to something that the attacker knows. Here we have our journal view, which will list a bunch of journal entries for the user, and this is the zero knowledge journal view. And we want to make sure that whenever any request is sent to this view, it is protected with a CSRF token. So, we're going to use csrf_protect, and Django has another decorator called csrf_exempt, in case you do want a view that is exempt from CSRF tokens. In this case, we want the CSRF token to be there for any POST request. And then we can go to the…