CSRF token #5
Comments
There's a third way, I believe:
You are right @kezabelle. Thanks a lot! I'm thinking about introducing a template tag to make it more convenient.
I wonder if intercooler should support the rails-style CSRF meta tags out
of the box.
Does django have something similar?
Cheers,
Carson
On March 22, 2017 at 2:07:41 AM, Jochen Breuer ([email protected]) wrote:
> You are right @kezabelle. Thanks a lot! I'm
> thinking about introducing a template tag to make it more convenient.
@carsongross That would be awesome. Django is very frontend agnostic, so this is our job. I see no reason not to introduce a CSRF meta tag. I would indeed prefer this over anything else. It is easy to implement and solves the problem.
+1 for out-of-the-box support on CSRF tokens
@chg20 Any news on this? I'm just asking, because I was not following the latest changes and would like to catch up. Thanks!
How does django encode the CSRF token?
@chg20 Seems like the best way to get it is from the cookies. Hm… maybe intercooler could have a hook that gets called when implemented and then each framework would be able to ship a tiny snippet that would set the csrf tokens or not?
Django is expecting a CSRF token with POST requests to prevent Cross Site Request Forgeries. This also includes AJAX POST requests.
With a normal form this looks like this:
Looks like there are two ways to implement this.
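The two token sources discussed in this thread (a CSRF meta tag and the CSRF cookie) can feed one header-selection routine. The following is an added example, not code from this issue or from intercooler or Django: it assumes a page that renders `<meta name="csrf-token" content="{{ csrf_token }}">` (Rails-style tag name), Django's default `csrftoken` cookie and `X-CSRFToken` header, and all function names are hypothetical. The token is attached only to state-changing, same-origin requests so it is never sent to another site.

```javascript
// Added example. Function names are hypothetical; "csrftoken" and
// "X-CSRFToken" are Django's default cookie and header names.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
// Matches the full cookie name, so "xcsrftoken" never satisfies "csrftoken".
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Prefer the meta tag content; fall back to the cookie when the tag is absent.
function resolveCsrfToken(metaContent, cookieString) {
  if (metaContent && metaContent.trim()) return metaContent.trim();
  return readCookie(cookieString, "csrftoken");
}

// Resolve relative and protocol-relative URLs against the page origin
// before comparing; an unparsable URL is treated as foreign.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false;
  }
}

// Headers to add to an AJAX request: empty for safe methods, for
// cross-origin targets, and when no token could be found.
function csrfHeaders(method, url, pageOrigin, token) {
  if (!token) return {};
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  if (!isSameOrigin(url, pageOrigin)) return {};
  return { "X-CSRFToken": token };
}

// Browser wiring (not executed here): pass
//   document.querySelector('meta[name="csrf-token"]')?.content
// and document.cookie to resolveCsrfToken(), and location.origin as pageOrigin.
```

The cookie fallback only works when scripts can read the cookie; with Django's `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` enabled, the meta tag is the only source available to JavaScript.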