csrf token fetch django
let data = {
'file': file,
'fileName': file.name,
};
// You have to download 3rd Cookies library
// https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
let csrftoken = Cookies.get('csrftoken');
let response = fetch("/upload/", {
method: 'POST',
body: JSON.stringify(data),
headers: { "X-CSRFToken": csrftoken },
})
4
3
Cross Site Request Forgery protection¶
The CSRF middleware and template tag provides easy-to-use protection against
Cross Site Request Forgeries. This type of attack occurs when a malicious
website contains a link, a form button or some JavaScript that is intended
to perform some action on your website, using the credentials of a logged-in
user who visits the malicious site in their browser. A related type of attack,
‘login CSRF’, where an attacking site tricks a user’s browser into logging into
a site with someone else’s credentials, is also covered.
The first defense against CSRF attacks is to ensure that GET requests
(and other ‘safe’ methods, as defined by RFC 7231#section-4.2.1) are
side effect free. Requests via ‘unsafe’ methods, such as POST, PUT,
and DELETE, can then be protected by following the steps below.
Thank you!
3
0
Are there any code examples left?
New code examples in category Python
-
Python 2023-04-11 03:04:20
-
Python 2022-03-27 22:40:04 pycharm no module named
-
Python 2022-03-27 22:25:05 assign multiple variablesin one line
-
Python 2022-03-27 22:20:02 levenshtein distance
-
Python 2022-03-27 21:35:09 get text from url python last slash
-
Python 2022-03-27 21:30:30 df concatenate df
-
Python 2022-03-27 21:25:09 python odd or even
-
Python 2022-03-27 21:15:32 python include function from another file
-
Python 2022-03-27 21:10:01 color module python
-
Python 2022-03-27 21:00:27 python tkinter cursor types