Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The CSRF middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field to all 'POST' forms, with name 'csrfmiddlewaretoken' and a value which is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set, checks that the 'csrfmiddlewaretoken' is present and correct, and if it isn't, throws a 403 error.

618 questions
0 votes, 1 answer

How can I add a csrf token on a HTTP request in Python?

I am using Django 1.4 to build a web service. My intention is to use it just as a web server (no browser involved), which means there's no form or template involved in the HTTP request. I plan to use AJAX in the future but for now the client is just…
Sofia Bravo
0 votes, 1 answer

AttributeError at /login/ 'bool' object has no attribute 'rindex' - Django 1.5 issue

I'm getting the following error in my browser every time I try to log into my Django app that I'm creating: Request Method: POST Request URL: http://127.0.0.1:8000/login/ Django Version: 1.6 #UPDATE: HAVE DOWNGRADED TO DJANGO 1.5 AND STILL GETTING…
gersande
0 votes, 1 answer

CSRF verification failed: Django 1.5.0

I'm running a really basic django login app (I thought) based on the official docs and...it's still not working no matter what I'm doing, and I've been looking through every single question on StackOverflow and not finding the answer. I'm running…
gersande
0 votes, 2 answers

Why CSRF protect session-less users?

Some frameworks (e.g. Django) support CSRF protection for users without any kind of session. What is the benefit of that? What is the exploit that a CSRF attack could take advantage of when there is no existing session for the user?
Nils
0 votes, 0 answers

django csrf token value="False"

I have already tried looking at other similar responses but have not found anything that helps. I have two pages that are very similar, but one works while the other does not. In views.py: if questionType in (1, 2, 6, 7, 8): return…
0 votes, 1 answer

Django why I still got CSRF verification failed?

My template is below:
{% block login %}
{% csrf_token %}
Jack Zhang
0 votes, 1 answer

Django Login App Returning 403 Forbidden, CSRF Issues

I'm using this tutorial to try out creating a django login application (super simple stuff...) This is the code I end up with in my template (index.html)
{{ state }}
gersande
0 votes, 1 answer

CSRF verification failed despite following documentation

I'm trying to implement an ajax function that will execute a database query based on the id value of a drop down selection. The HTML of the drop down list is {% csrf_token %}