SignedForm: CSRF-protect forms with a hidden token field

This form subclass helps protect against cross-site request forgery by adding a hidden field named csrf_token to forms. The form must be initialized with the request as a keyword argument, both with and without POST data:

my_form = MySignedForm(request=request)
...
my_form = MySignedForm(request.POST, request=request)

Upon validation, a PermissionDenied exception will be raised if forgery is detected.

If any security details have been overlooked in this recipe, please leave a comment.

file_3545.py (1.0 KB)
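The mechanism the recipe describes, as an added framework-free example (not the contents of the attached file, which are not shown on this page). Assumptions: the token is an HMAC-SHA256 of the visitor's session key under a server-side secret; `Request`, `SECRET_KEY` and `make_token` are hypothetical names, and `PermissionDenied` is a local stand-in for Django's exception.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SECRET_KEY = b"constructed-demo-secret"  # assumption: server-side secret, never sent to the client


class PermissionDenied(Exception):
    """Local stand-in for django.core.exceptions.PermissionDenied."""


@dataclass
class Request:
    """Hypothetical minimal request: only the parts the form needs."""
    session_key: str
    POST: dict = field(default_factory=dict)


def make_token(request):
    # Assumed derivation: bind the token to the visitor's session so a
    # third-party site cannot compute it or replay one issued to another user.
    return hmac.new(SECRET_KEY, request.session_key.encode(), hashlib.sha256).hexdigest()


class SignedForm:
    def __init__(self, data=None, *, request):
        # request is required for bound and unbound forms alike: unbound
        # forms need it to render the token, bound forms to verify it.
        self.data = data
        self.request = request

    def hidden_field(self):
        return '<input type="hidden" name="csrf_token" value="%s">' % make_token(self.request)

    def is_valid(self):
        if self.data is None:
            return False  # unbound form: nothing was submitted
        submitted = self.data.get("csrf_token", "")
        # Constant-time comparison; a missing token is treated as forgery.
        if not hmac.compare_digest(submitted.encode(), make_token(self.request).encode()):
            raise PermissionDenied("CSRF token missing or incorrect")
        return True
```

A POST carrying no csrf_token, or one derived from a different session, raises PermissionDenied instead of returning False, so the view cannot mistake forgery for an ordinary validation error.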

Answers (1):

Answer by exogen: 17.10.2009

@Tarken: Greater control. See the Limitations section on that page. Also, I consider the approach of parsing and rewriting the entire response inherently ugly. :)