How to Prevent Cross Site Request Forgery (CSRF) in Django


In this article, we show how to prevent cross site request forgery (CSRF) in Django

So CRSF is a security issue that can compromise a user's and website's functioning.

CRSF is a type of attack in which an authenticated user is logged into a site and a hacker plants an attack that tricks the website into doing something that the user hasn't intended. This can be something such as a user being logged into his paypal account online and the hacker manipulates the user to submitting funds to some account that the user hasn't intended.

This would be a type of CRSF attack.

Basically, a CSRF attack is an attack in which a hacker is able to manipulate an authenticated user's action to do unwanted things.

Django takes CRSF very seriously and actually will not allow a form to be without CRSF protection.

Therefore, each form in Django, must have within the <form></form ? attributes the following line, {% csrf_token %}

So within each form tag in the Django framework, this line must be present.

This is shown below.

This is built-in Django functionality that prevents against CRSF attacks, which is very preventable with security measures in place.

Related Resources

How to Randomly Select From or Shuffle a List in Python

HTML Comment Box is loading comments...