csrf_token django code example
Example 1: csrf_exempt
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def exampleview(request):
pass
Example 2: django csfr token
<form action="{% url "submit-form-url-name" %}" method="post" accept-charset="utf-8">
{% csrf_token %}
{{ form.field1 }}
{{ form.field2 }}
...
</form>
Example 3: django csrf token in javascript
function getCookie(name) {
let cookieValue = null;
if (document.cookie && document.cookie !== '') {
const cookies = document.cookie.split(';');
for (let i = 0; i < cookies.length; i++) {
const cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
const csrftoken = getCookie('csrftoken');
Example 4: csrf token django
Cross Site Request Forgery protection¶
The CSRF middleware and template tag provides easy-to-use protection against
Cross Site Request Forgeries. This type of attack occurs when a malicious
website contains a link, a form button or some JavaScript that is intended
to perform some action on your website, using the credentials of a logged-in
user who visits the malicious site in their browser. A related type of attack,
‘login CSRF’, where an attacking site tricks a user’s browser into logging into
a site with someone else’s credentials, is also covered.
The first defense against CSRF attacks is to ensure that GET requests
(and other ‘safe’ methods, as defined by RFC 7231
side effect free. Requests via ‘unsafe’ methods, such as POST, PUT,
and DELETE, can then be protected by following the steps below.