python/django: {% csrf_token %}

 

csrf_token protects against CSRF (cross-site request forgery), preventing attackers from misusing your account passwords and the information stored in cookies.

 

What exactly does it do:
When rendering the template, Django replaces {% csrf_token %} with an

<input type="hidden" name="csrfmiddlewaretoken" value="token generated randomly by the server"> element.

When submitting the form, the token will be submitted.

Django enables the 'django.middleware.csrf.CsrfViewMiddleware' middleware by default. This middleware verifies the csrf_token. If the csrf_token is not added to the form, an error will occur.
————————————————
Copyright Statement: This article is an original article by CSDN blogger "bigdaddy_maybe" and follows the CC 4.0 BY-SA copyright agreement. When reprinting, please attach the original source link and this statement.
Original link: https://blog.csdn.net/bigdaddy_maybe/java/article/details/82747274

 


 

 

1. Disabling CSRF protection in Django is not recommended.

2. We can add csrf_token to the form in the HTML page, so that the token is sent to the server together with the form request and verified there.

<form action="{% url 'logout' %}" method="POST">
    {% csrf_token %}
    <button class="logout-btn" type="submit">退出</button>
</form>
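
A simplified model of what happens when a form like the one above is posted, added here as an example and not taken from the original post or from Django's source. The function names issue_token, render_hidden_input and check_post are hypothetical, and Django's real middleware does more (for example, it masks the token differently on each render).

```python
import hmac
import secrets
from html import escape

COOKIE_NAME = "csrftoken"           # Django's default CSRF cookie name
FIELD_NAME = "csrfmiddlewaretoken"  # hidden field name from the text above

def issue_token():
    """Server side: random value, sent to the browser as a cookie."""
    return secrets.token_urlsafe(32)

def render_hidden_input(token):
    """Model of what {% csrf_token %} expands to in the rendered form."""
    return f'<input type="hidden" name="{FIELD_NAME}" value="{escape(token)}">'

def check_post(cookies, form):
    """Model of the middleware check; returns the HTTP status for a POST."""
    expected = cookies.get(COOKIE_NAME)
    submitted = form.get(FIELD_NAME)
    if not expected or not submitted:
        return 403  # token missing: the "error" the text mentions
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    return 200

if __name__ == "__main__":
    token = issue_token()
    browser_cookies = {COOKIE_NAME: token}  # constructed sample state
    print(render_hidden_input(token))
    # Form rendered by the site itself: the field carries the token.
    print("own form:      ", check_post(browser_cookies, {FIELD_NAME: token}))
    # Form hosted on another origin: the browser still attaches the cookie,
    # but that page cannot read the token, so the field is absent or wrong.
    print("no token:      ", check_post(browser_cookies, {}))
    print("guessed token: ", check_post(browser_cookies, {FIELD_NAME: issue_token()}))
```

The cookie alone is never enough to pass the check, which is why a request that the browser sends automatically from another site is rejected.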

  

 

Related learning materials:

https://www.cnblogs.com/ln-qiqi/p/10523963.html

https://www.cnblogs.com/mengbin0546/p/9966431.html

Origin www.cnblogs.com/zhangym118/p/12680495.html