csrf_token django code example

Example 1: csrf_exempt

#first you need to import this
from django.views.decorators.csrf import csrf_exempt

#now use @csrf_exempt dacorator as follows

@csrf_exempt
def exampleview(request):
	pass
	#now this view will not require csrf_token to handle post requests

Example 2: django csfr token

<form action="{% url "submit-form-url-name" %}" method="post" accept-charset="utf-8">
    {% csrf_token %}
    {{ form.field1 }}
    {{ form.field2 }}
    ...
</form>

Example 3: django csrf token in javascript

function getCookie(name) {
    let cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        const cookies = document.cookie.split(';');
        for (let i = 0; i < cookies.length; i++) {
            const cookie = cookies[i].trim();
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
const csrftoken = getCookie('csrftoken');

Example 4: csrf token django

Cross Site Request Forgery protection¶
The CSRF middleware and template tag provides easy-to-use protection against
Cross Site Request Forgeries. This type of attack occurs when a malicious
website contains a link, a form button or some JavaScript that is intended 
to perform some action on your website, using the credentials of a logged-in 
user who visits the malicious site in their browser. A related type of attack,
‘login CSRF’, where an attacking site tricks a user’s browser into logging into
a site with someone else’s credentials, is also covered.

The first defense against CSRF attacks is to ensure that GET requests
(and other ‘safe’ methods, as defined by RFC 7231#section-4.2.1) are
 side effect free. Requests via ‘unsafe’ methods, such as POST, PUT,
 and DELETE, can then be protected by following the steps below.