Sixteen. Django's CSRF

A. Django's CSRF

1. Introduction to CSRF

Cross-site request forgery (CSRF) is the reverse of cross-site scripting (XSS). The problem with XSS is that the client trusts the data sent by the server. The problem with CSRF is that the server trusts the data coming from the client.
Risks when there is no CSRF protection:
In a cross-site request forgery, an attacker sends data to the server through an HTTP request and thereby steals the session cookie. Having stolen the session cookie, the attacker can not only obtain the user's information
but also modify the account information associated with that cookie.

2. CSRF in Django

Django implements protection against cross-site request forgery through the middleware django.middleware.csrf.CsrfViewMiddleware.
Django's CSRF protection can be applied globally or locally.
Global: the middleware django.middleware.csrf.CsrfViewMiddleware.
Local:
@csrf_protect forces CSRF protection on the decorated function, even if the global middleware is not set in settings.
@csrf_exempt cancels CSRF protection for the decorated function, even if the global middleware is set in settings.
Note:
from django.views.decorators.csrf import csrf_exempt, csrf_protect

 

Origin www.cnblogs.com/lovershowtime/p/11361441.html