+ 6

Why do we need {% csrf_token %}, what is its actual use?

To start a form we need csrf_token, else errors will occur...

25th Aug 2019, 5:24 AM
Prince Raj
5 Answers
+ 5
OWASP SECURITY MANDATE 🤔
26th Aug 2019, 2:49 AM
Sanjay Kamath
25th Aug 2019, 10:49 AM
Владимир Азаренко
+ 3
This is to prevent a kind of web attack known as "Cross site request forgery" (or CSRF). You can look it up on Google to read more about what it is.
25th Aug 2019, 12:43 PM
haydenki
+ 3
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. This is commonly exploited through forms, hence the need for Django to enforce it in the construction structure. In simple terms, they are helping you to pay attention to security from the word go when working with Django. Check out this link: https://en.wikipedia.org/wiki/Cross-site_request_forgery
25th Aug 2019, 1:49 PM
peter harvy
+ 1
When we send GET requests to a server which contains forms, if we have csrf_token there, then the server sends a CSRF token (a random string) with the form. Then, when we submit that form with the POST request method, the server checks that string (the CSRF token) to ensure that this is the same form sent by the server. It prevents a random user from sending a POST request. It ensures integrity. Though it is not necessary to use a CSRF token with a form. It is only necessary with the POST method. If you use a GET request, a CSRF token is not required.
1st Sep 2019, 5:43 AM
husen
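
The mechanism described in the answers above, as an added example that is not part of any poster's reply and is not Django's own code: a simplified standard-library Python model in which the server issues a random token with the form on GET and rejects any POST that does not carry it back. `ToyServer`, the session id and the status codes are assumptions made for illustration; `csrfmiddlewaretoken` is the hidden field name that `{% csrf_token %}` renders.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # read-only methods, not checked


class ToyServer:
    """Simplified model of a CSRF token check; not Django's real middleware."""

    def __init__(self):
        self.sessions = {}  # session id -> CSRF token issued to that browser

    def get_form(self, session_id):
        # GET: generate a random string and embed it in the form as a hidden field.
        token = secrets.token_urlsafe(32)
        self.sessions[session_id] = token
        html = (
            '<form method="post">'
            f'<input type="hidden" name="csrfmiddlewaretoken" value="{token}">'
            '<input name="email"></form>'
        )
        return token, html

    def handle(self, method, session_id, form):
        # Safe methods must not change state, so they skip the check.
        if method in SAFE_METHODS:
            return 200
        expected = self.sessions.get(session_id)
        submitted = form.get("csrfmiddlewaretoken", "")
        # Constant-time comparison; a missing session or token fails closed.
        if expected is None or not hmac.compare_digest(expected, submitted):
            return 403
        return 200


def demo():
    server = ToyServer()
    sid = "constructed-session-id"  # sample value; the browser attaches it automatically
    token, _html = server.get_form(sid)
    return {
        "own_form": server.handle("POST", sid, {"csrfmiddlewaretoken": token, "email": "a@example.com"}),
        # A form on another site rides the session cookie but cannot read the token.
        "forged_no_token": server.handle("POST", sid, {"email": "x@example.com"}),
        "forged_guess": server.handle("POST", sid, {"csrfmiddlewaretoken": "guess"}),
        "get_request": server.handle("GET", sid, {}),
    }


if __name__ == "__main__":
    print(demo())
```
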