Summary:
Django implements protection against cross-site request forgery through the middleware django.middleware.csrf.CsrfViewMiddleware. The CSRF protection that Django provides is divided into global and local.
Global: the middleware django.middleware.csrf.CsrfViewMiddleware;
Local: @csrf_protect forces cross-site request forgery protection on the current function, even if the global middleware is not set in settings. @csrf_exempt cancels CSRF protection for the current function, even if the global middleware is set in settings.
Purpose:
csrf_token exists to prevent cross-site request forgery (CSRF). As for what CSRF is, the referenced article explains it well; it also concludes that one means of preventing CSRF is to add a token to the form.
Put more simply: it is to prevent hackers from stealing the password and account information that the site keeps for you (the cookie).
Specifically, what to do:
When rendering a template, Django replaces {% csrf_token %} with an element. When the form is submitted, this token is submitted along with it.
Django enables the 'django.middleware.csrf.CsrfViewMiddleware' middleware by default, and this middleware verifies the csrf_token. If you do not add csrf_token, the request fails.