I have a Python program that needs to be able to send data to my website (built with Django). This data will then be taken and displayed on a certain part of the website. The problem I'm having is that the CSRF protection built into Django blocks my POST request. From what I understand, this is usually avoided by adding {%csrf_token} to whatever form the POST request is being sent to. My problem is that I'm trying to send the POST request to a .cgi script rather than a form. Does anybody know how I could bypass the CSRF protection (preferably without removing it completely although this is an option.)
Asked
Active
Viewed 2,518 times
3
-
possible duplicate of [Django CSRF framework cannot be disabled and is breaking my site](http://stackoverflow.com/questions/1650941/django-csrf-framework-cannot-be-disabled-and-is-breaking-my-site) – Oct 01 '13 at 15:20
2 Answers
5
You should use the csrf_exempt decorator to avoid csrf protection in certains view.
You can read the docs for more information
esauro
- 1,276
- 10
- 17
-
It's no just the link, but also all the way Django manage this staff. New doc is https://docs.djangoproject.com/en/1.9/ref/csrf/. Note there were 4 releases between my original post and now. – esauro Mar 02 '16 at 11:41
0
In case you are using class based views, I'd recommend django-braces which uses a mixin to achieve this, as well as providing other extremely useful mixins.
hellsgate
- 5,905
- 5
- 32
- 47