1. Introduction
Django provides built-in protection against cross-site request forgery (CSRF) through the middleware django.middleware.csrf.CsrfViewMiddleware. The protection can be applied globally or locally (per view).
Global:
Middleware django.middleware.csrf.CsrfViewMiddleware
Local:
from django.views.decorators.csrf import csrf_exempt, csrf_protect
- @csrf_protect: enforces CSRF protection on the decorated view, even if the global middleware is not enabled in the settings.
- @csrf_exempt: disables CSRF protection for the decorated view, even if the global middleware is enabled in the settings.
2. Application
Normal form submission

    <form action="/xiaoqing/session1/" method="post">
        {# Outputs the raw token: the random string the server sends to the user #}
        {{ csrf_token }}
        {# Required: this tag renders the hidden input that carries the token #}
        {% csrf_token %}
        <input type="text" name="username"/>
        <input type="text" name="password"/>
        <input type="checkbox" value="1" name="remember">10s免登录
        <input type="submit" value="提交"/>
        <input type="button" value="ajax提交" id="btn">
    </form>