Django advanced (CSRF, Ajax)

1. Cross-site request forgery: CSRF

Django protects users against cross-site request forgery through the middleware django.middleware.csrf.CsrfViewMiddleware. The protection can be applied globally or locally (per view).
Global:
  Middleware django.middleware.csrf.CsrfViewMiddleware
Local:
    @csrf_protect forces CSRF protection for the decorated view function, even if the global middleware is not enabled in the settings.
    @csrf_exempt disables CSRF protection for the decorated view function, even if the global middleware is enabled in the settings.

Note: from django.views.decorators.csrf import csrf_exempt, csrf_protect

Set the token in the HTML template:
  {% csrf_token %}

Returning the response from the view:

from django.shortcuts import render, render_to_response
from django.template.context import RequestContext
return render_to_response('Account/Login.html', data, context_instance=RequestContext(request))
or
return render(request, 'xxx.html', data)
# render() is a newer shortcut for render_to_response; it automatically uses RequestContext(request), which is what makes {% csrf_token %} available in the template.

2. Ajax

AJAX = Asynchronous JavaScript and XML
In short, AJAX loads data in the background and displays it on the web page without reloading the entire web page.

 

CSRF with Ajax
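
An added example (not from the original article) of sending Django's CSRF token with an Ajax request: it reads the token from the cookie and attaches it as a header only to unsafe, same-origin requests, so the token is never sent to another site. It assumes Django's default cookie name csrftoken and default header X-CSRFToken; the function names and sample values are hypothetical.

```javascript
// Added example. csrftoken and X-CSRFToken are Django's default cookie and
// header names; every function name and sample value here is hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// True only when url (absolute, relative or protocol-relative) resolves
// to the page's own origin.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Build fetch() options. The token is attached only to state-changing
// requests that stay on our own origin; safe methods and cross-origin
// requests never carry it.
function csrfFetchOptions(url, method, cookieString, pageOrigin, body) {
  const verb = method.toUpperCase();
  const headers = {};
  if (!SAFE_METHODS.has(verb) && isSameOrigin(url, pageOrigin)) {
    const token = getCookie(cookieString, "csrftoken");
    if (!token) {
      // Fail early on the client instead of sending a request that
      // CsrfViewMiddleware would reject.
      throw new Error("csrftoken cookie missing: load a page that renders {% csrf_token %} first");
    }
    headers["X-CSRFToken"] = token;
  }
  return { method: verb, headers, body, credentials: "same-origin" };
}

// Constructed sample values so the example runs outside a browser.
const SAMPLE_COOKIES = "sessionid=abc123; csrftoken=Zm9vYmFy-constructed-token";
const PAGE_ORIGIN = "https://app.example.test";

// In a browser:
// fetch("/account/login/", csrfFetchOptions("/account/login/", "POST",
//       document.cookie, location.origin, new FormData(form)));
```

A view decorated with @csrf_exempt does not check this header; every other POST view behind CsrfViewMiddleware or @csrf_protect does.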
