CSRF this!

A form with built-in CSRF protection. Include CsrfCookieMiddleware in your MIDDLEWARE_SETTINGS, subclass SafeForm and off you go. See: this django-developers post for more info.

[edit] This form is actually WAY overengineered currently. Will update soon.

file_3647.py (2.3 KB)

Answers (2):

Answer from simon, 23.09.2008

Using middleware to set the CSRF cookie is a smart approach. I'm not sure if I like it though - I want CSRF protection to be ridiculously easy to turn on (just use SafeForm instead of regular Form) and most Django projects I work on end up with far too many middleware classes as it is. I'd rather avoid telling people to apply Yet Another middleware.

Answer from ludvig.ericson, 24.09.2008

I agree with Willison.

This middleware is going to add the CSRF cookie to every response.

As for random_chars:

import random, string
def random_chars(n): return random.sample(string.ascii_letters, n)
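The cookie-plus-form check discussed in this thread, as an added example that is not part of the original snippet or of either answer: it assumes a double-submit scheme (the hidden form field must equal the cookie), sets the cookie only when the visitor has none, and draws the token from `secrets` rather than `random`. The names `CSRF_COOKIE`, `CSRF_FIELD` and all three functions are hypothetical, and plain dicts stand in for request and response cookies.

```python
import hmac
import secrets

CSRF_COOKIE = "csrftoken"    # hypothetical cookie name
CSRF_FIELD = "csrf_token"    # hypothetical hidden form field name


def new_token(nbytes=32):
    """Return an unpredictable URL-safe token from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


def ensure_csrf_cookie(request_cookies, response_cookies):
    """Middleware step: reuse the visitor's token, set a cookie only if missing."""
    token = request_cookies.get(CSRF_COOKIE)
    if not token:
        token = new_token()
        response_cookies[CSRF_COOKIE] = token
    return token


def is_valid_submission(request_cookies, post_data):
    """Form step: accept the POST only if the hidden field equals the cookie."""
    cookie = request_cookies.get(CSRF_COOKIE, "")
    field = post_data.get(CSRF_FIELD, "")
    if not cookie or not field:
        return False  # a missing value on either side is always a rejection
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(cookie.encode(), field.encode())


if __name__ == "__main__":
    # Constructed requests: first visit, same-site POST, cross-site POST.
    response_cookies = {}
    token = ensure_csrf_cookie({}, response_cookies)
    browser_cookies = dict(response_cookies)

    second_response = {}
    ensure_csrf_cookie(browser_cookies, second_response)
    print("cookie re-sent on second response:", bool(second_response))

    own_form = {CSRF_FIELD: token, "comment": "hello"}
    forged_form = {"comment": "posted from another origin"}
    print("own form accepted:", is_valid_submission(browser_cookies, own_form))
    print("forged form accepted:", is_valid_submission(browser_cookies, forged_form))
```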