For rest_framework, the csrf component that comes with django does not take effect

Django ships a django.middleware.csrf.CsrfViewMiddleware middleware that provides global csrf checking. It works by generating a hidden <input> tag inside the <form> tag; this hidden <input> is submitted together with the form, and the server verifies that the field is correct.

The official csrf operation steps are:

  1. Add django.middleware.csrf.CsrfViewMiddleware to MIDDLEWARE_CLASSES to turn on global csrf protection.
  2. For forms that POST to the site itself, add the {% csrf_token %} template tag inside the <form> tag in the template.
  3. Make sure the django.template.context_processors.csrf context processor is used in the corresponding view function. There are two ways to achieve this:
    (1). Use RequestContext, or use generic views directly; both automatically add csrf_token to the template context.
        return render_to_response("xxx.html", context_instance=RequestContext(request))
    (2). Manually import and use the processor to generate the CSRF token and add it to the template context. For example:
        from django.shortcuts import render_to_response
        from django.template.context_processors import csrf

        def my_view(request):
            c = {}
            # csrf(request) returns a dict holding the csrf_token for this request
            c.update(csrf(request))
            # ... view code here
            return render_to_response("a_template.html", c)

However, importing the processor manually is cumbersome and makes the code hard to maintain, and RequestContext is not convenient to use either; the Django 1.8 documentation also states that context_instance will be deprecated after 1.8.
How should csrf_token be handled, then? In fact, Django provides a shortcut function for this problem:
django.shortcuts.render sets context_instance to a RequestContext by default internally, so calling render automatically adds csrf_token to the context.


Some blogs on the Internet say that TEMPLATE_CONTEXT_PROCESSORS can be set in settings to add csrf_token to the context globally.
But after my experiment, I found that it is not easy to use. If a friend knows the reason, I would like to hear it.

I set it up in settings like this:

from django.conf import global_settings

TEMPLATE_CONTEXT_PROCESSORS = global_settings.TEMPLATE_CONTEXT_PROCESSORS + (
    'django.core.context_processors.csrf',
)


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
From this I learned that for the csrf component that comes with django to take effect, the above three conditions must be met:
  1. Add django.middleware.csrf.CsrfViewMiddleware to MIDDLEWARE_CLASSES to turn on global csrf protection.
  2. For forms that POST to the site itself, add the {% csrf_token %} template tag inside the <form> tag in the template.
  3. Render the view with the render function.
  4. The rest framework is a project that separates the front end and the back end. The returned result is returned by Response, so the csrf component that comes with django does not take effect, so the authentication component of the rest framework is used for token authentication, which explains my confusion. Why does the rest framework request life cycle pass through django middleware and also through django's csrf component? Why do we need to write authentication components ourselves, why not use django

Origin www.cnblogs.com/python001-vip/p/12676333.html