CSRF token mechanism, including a same origin check based on the origin http header in Django Framework code example
Example 1: django csfr token
<form action="{% url "submit-form-url-name" %}" method="post" accept-charset="utf-8">
{% csrf_token %}
{{ form.field1 }}
{{ form.field2 }}
...
</form>
Example 2: django csrf token
function getCookie(name) {
let cookieValue = null;
if (document.cookie && document.cookie !== '') {
const cookies = document.cookie.split(';');
for (let i = 0; i < cookies.length; i++) {
const cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
const csrftoken = getCookie('csrftoken');