CSRF verification mechanism:
For POST requests, Django performs CSRF verification. The CSRF verification mechanism is Django's defense against cross-site request forgery; if nothing is done to handle it, a POST request fails with an error.
CSRF verification - template operations:
Template file operations:
A Django project applies CSRF verification to POST requests by default. You only need to add {% csrf_token %} inside the form tag that submits data in the template (provided 'django.middleware.csrf.CsrfViewMiddleware' has not been removed from the MIDDLEWARE list in the settings.py configuration file). When the template is rendered, the corresponding hidden input tag is generated automatically: <input type="hidden" name="csrfmiddlewaretoken" value="8J4z1wiUEXt0gJSN59dLMnktrXFW0hv7m4d40Mtl37D7vJZfrxLir9L3jSTDjtG8">. The value is random each time.
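Why the hidden value differs on every render yet still validates: the following is an added example (not from the original post and not Django's own code) that re-implements in plain Python the token masking scheme used by django.middleware.csrf. The function names are illustrative and the secret is a constructed sample.

```python
import hmac
import secrets
import string

# Constants mirror those in django.middleware.csrf.
SECRET_LENGTH = 32
TOKEN_LENGTH = 2 * SECRET_LENGTH
CHARS = string.ascii_letters + string.digits

def new_secret():
    """Per-client secret (Django keeps it in the csrftoken cookie or the session)."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LENGTH))

def mask_secret(secret):
    """Value for the hidden input: a fresh random mask + the secret shifted by that mask."""
    mask = new_secret()
    cipher = "".join(
        CHARS[(CHARS.index(s) + CHARS.index(m)) % len(CHARS)]
        for s, m in zip(secret, mask)
    )
    return mask + cipher

def unmask_token(token):
    """Recover the secret from a 64-character form token."""
    mask, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
        for c, m in zip(cipher, mask)
    )

def token_matches(form_token, secret):
    """Reject malformed tokens, then compare the unmasked secret in constant time."""
    if len(form_token) != TOKEN_LENGTH or any(ch not in CHARS for ch in form_token):
        return False
    return hmac.compare_digest(unmask_token(form_token), secret)

if __name__ == "__main__":
    secret = new_secret()  # constructed sample secret for one client
    first, second = mask_secret(secret), mask_secret(secret)
    print("renders differ:", first != second)
    print("both validate:", token_matches(first, secret), token_matches(second, secret))
    # A token derived from a different client's secret does not validate.
    print("foreign token:", token_matches(mask_secret(new_secret()), secret))
```

The per-render mask is what makes the hidden field change on every page load; the server only ever compares the unmasked secret.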
CSRF verification - module operations:
In views.py, first import the decorators: from django.views.decorators.csrf import csrf_exempt, csrf_protect
(1) Exempt a view from verification: @csrf_exempt
    from django.http import HttpResponse
    from django.shortcuts import render

    # `models` is the app's own module that provides auth(); import it as the project requires.

    # Exempt this view from CSRF verification: even if the middleware is enabled
    # globally in settings.py, POST requests to this view are let through.
    @csrf_exempt
    def login(request):
        if request.method == "GET":
            return render(request, "login.html")
        elif request.method == "POST":
            name = request.POST.get("username")
            psd = request.POST.get("userpsd")
            status = models.auth(name, psd)
            if status:
                return HttpResponse("<h1>Success!</h1>")
            else:
                return render(request, "login_fail.html")
(2) Force verification on a view: @csrf_protect
    # Force CSRF verification: even if the middleware is not enabled globally
    # in settings.py, POST requests to this view are still verified.
    @csrf_protect
    def login(request):
        if request.method == "GET":
            return render(request, "login.html")
        elif request.method == "POST":
            name = request.POST.get("username")
            psd = request.POST.get("userpsd")
            status = models.auth(name, psd)
            if status:
                return HttpResponse("<h1>Success!</h1>")
            else:
                return render(request, "login_fail.html")
login.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="">
        <meta name="keywords" content="">
        <style></style>
        <script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.js"></script>
        <link rel="stylesheet" href="">
        <title>Login</title>
    </head>
    <body>
    <form action="http://127.0.0.1:8888/login/" method="POST">
        {% csrf_token %} {# automatically generates a hidden input tag (the CSRF verification token) when the template is rendered #}
        <table>
            <tr>
                <td>Username:</td>
                <td><input type="text" name="username"></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="text" name="userpsd"></td>
            </tr>
            <tr>
                <td><input type="reset"></td>
                <td><input type="submit"></td>
            </tr>
        </table>
    </form>
    </body>
    </html>