csrf_token tag

Effect: Django's own middleware, together with the tag on the form, verifies that the data a user submits was actually submitted from the specified page. This is what provides the CSRF protection.

1. In settings.py, enable the csrftoken middleware (uncomment it).

2. The view function:

```python
from django.http import HttpResponse
from django.shortcuts import render


def login(request):
    if request.method == 'GET':
        # Render the login form; the list is only sample context data
        nk = ['a', 'b', 'c', 'd']
        return render(request, 'login.html', {'a1': nk})
    else:
        # Only reached when the CSRF check in the middleware has passed
        print(request.body)
        return HttpResponse('POST request mode')
```

3. The template file:

```html
<form action="" method="POST">
    {% csrf_token %}  {# add this tag here to enable csrf_token for this form #}
    <h3>Username: <input type="text" name="name"></h3>
    <h3>Password: <input type="password" name="password"></h3>
    <input type="submit">
</form>
```

Request process:

- Client: the browser requests http://127.0.0.1:8000/login
- Server: sends the login.html page to the client. As the response passes through the middleware, a hidden input tag is added to the page, carrying the csrf name and value.
- Client: receives the login.html page, fills out the form and clicks submit. The submitted form contains the hidden csrf input.
- Server: receives the submitted data. The middleware layer runs first and checks the csrf_token to see whether the token was generated by this server. If not, it returns 403 directly; if it was, the request goes on to the code defined in the view function.
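A simplified model of the request process described above, as an added example that is not from the original page and is not Django's own code. It assumes the token lives in a `csrftoken` cookie and is echoed in a `csrfmiddlewaretoken` hidden field (Django's default names); Django additionally masks the token on each render, which is left out here, and the function names are hypothetical.

```python
import hmac
import secrets

COOKIE = "csrftoken"            # cookie name Django uses by default
FIELD = "csrfmiddlewaretoken"   # hidden input rendered by {% csrf_token %}


def handle_get(cookies):
    """Server side of GET /login: issue a secret and embed it in the form."""
    secret = cookies.get(COOKIE) or secrets.token_urlsafe(32)
    html = (
        '<form action="" method="POST">'
        f'<input type="hidden" name="{FIELD}" value="{secret}">'
        '<input type="text" name="name"><input type="submit"></form>'
    )
    return html, {COOKIE: secret}   # page body, cookies to set


def login_view(form):
    """Hypothetical stand-in for the page's login view (POST branch)."""
    return 200, "POST request mode"


def handle_post(cookies, form):
    """Middleware step of POST /login: check the token before the view runs."""
    expected = cookies.get(COOKIE, "")
    submitted = form.get(FIELD, "")
    # Reject when either side is missing or the values differ (constant-time).
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403, "CSRF verification failed"
    return login_view(form)


def demo():
    """Constructed requests: a genuine submit, a cross-site post, a wrong token."""
    _, jar = handle_get({})
    genuine = handle_post(jar, {FIELD: jar[COOKIE], "name": "alice"})
    # A form hosted on another site makes the browser send the cookie, but that
    # page cannot read the cookie value, so the hidden field is absent or wrong.
    cross_site = handle_post(jar, {"name": "alice"})
    wrong = handle_post(jar, {FIELD: secrets.token_urlsafe(32), "name": "alice"})
    return genuine[0], cross_site[0], wrong[0]


if __name__ == "__main__":
    print(demo())
```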