How to Prevent Cross Site Request Forgery (CSRF) in Django


In this article, we show how to prevent cross site request forgery (CSRF) in Django.

CSRF is a security issue that can compromise both the user's account and the website's integrity.

CSRF is an attack in which a user who is already authenticated to a site (typically via a session cookie) visits, while still logged in, an attacker-controlled page that silently submits a request to that site. Because the browser attaches the user's cookies to the request automatically, the site cannot tell the forged request from one the user meant to make. A classic example: a user logged into an online payment service opens a malicious page containing a hidden form that transfers funds to the attacker's account; the browser sends the user's session cookie with it and the transfer goes through.

That is a CSRF attack: an attacker uses an authenticated user's browser to perform state-changing actions the user never intended.

Django takes CSRF seriously. Its CsrfViewMiddleware, enabled by default in new projects, rejects with HTTP 403 any POST, PUT, PATCH or DELETE request that does not carry a token matching the csrftoken cookie. GET, HEAD, OPTIONS and TRACE are not checked, which is why state-changing actions must never be performed on those methods.

Therefore every form in a Django template that submits with method="post" to one of your own views must include the template tag {% csrf_token %} between its <form> and </form> tags. The tag renders a hidden input named csrfmiddlewaretoken; a request without it, or with a token that does not match the cookie, is rejected before the view runs. Forms that POST to a third-party site should not include the tag, since that would leak the token.

So within each POST form in a Django template, this line must be present.

This is built-in Django functionality. A few practical points: the middleware must stay in MIDDLEWARE, and csrf_exempt should only be applied to views that have another form of request authentication; AJAX requests must send the token in the X-CSRFToken header; and over HTTPS Django additionally checks the Origin/Referer headers. With these in place, CSRF is very preventable.
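To make the check concrete, here is an added example (not Django's code and not from the original article) modelling what CsrfViewMiddleware does when a request arrives. It uses the same scheme as Django's defaults (a 32-character secret in the cookie, a 64-character masked token in the form, the alphabet of letters and digits, the safe-method exemption) but omits the Origin/Referer checks and the X-CSRFToken header path. The template string, the function names and the forged-request scenario are assumptions made for illustration.

```python
import hmac
import secrets
import string

# Hypothetical, simplified model of Django's CsrfViewMiddleware decision.
# The constants mirror Django's defaults; the code itself is not Django's.
CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # never CSRF-checked

# The kind of Django template the article describes (assumed form, for illustration):
# the tag sits inside the <form> and renders the hidden csrfmiddlewaretoken input.
FORM_TEMPLATE = """
<form method="post" action="/transfer/">
  {% csrf_token %}
  <input name="amount">
  <button type="submit">Send</button>
</form>
"""


def new_secret() -> str:
    """Per-session secret that lives in the csrftoken cookie."""
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret: str) -> str:
    """Produce the 64-char token placed in the form: random mask + secret shifted by the mask.

    A fresh mask on every render means the secret never appears verbatim in a page,
    so a compression-oracle attack on the response cannot recover it.
    """
    mask = "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))
    n = len(CSRF_ALLOWED_CHARS)
    cipher = "".join(
        CSRF_ALLOWED_CHARS[(CSRF_ALLOWED_CHARS.index(s) + CSRF_ALLOWED_CHARS.index(m)) % n]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token: str) -> str:
    """Reverse mask_secret: recover the secret the form token was minted from."""
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    n = len(CSRF_ALLOWED_CHARS)
    return "".join(
        CSRF_ALLOWED_CHARS[(CSRF_ALLOWED_CHARS.index(c) - CSRF_ALLOWED_CHARS.index(m)) % n]
        for c, m in zip(cipher, mask)
    )


def _well_formed(value, length: int) -> bool:
    return (
        isinstance(value, str)
        and len(value) == length
        and all(c in CSRF_ALLOWED_CHARS for c in value)
    )


def check_request(method: str, cookie_secret, form_token):
    """Decide, before the view runs, whether the request is allowed.

    Returns (allowed, reason); the reasons echo the middleware's 403 messages.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method, not checked"
    if not _well_formed(cookie_secret, CSRF_SECRET_LENGTH):
        return False, "403: CSRF cookie not set"
    if form_token is None:
        return False, "403: CSRF token missing"
    if not _well_formed(form_token, CSRF_TOKEN_LENGTH):
        return False, "403: CSRF token has incorrect length"
    # Constant-time comparison: never leak which characters matched.
    if not hmac.compare_digest(unmask_token(form_token), cookie_secret):
        return False, "403: CSRF token incorrect"
    return True, "ok"


def forged_post_outcome(victim_secret: str, attacker_secret: str):
    """Constructed scenario: an attacker's page POSTs to the victim's site.

    The victim's browser attaches the victim's csrftoken cookie, but the only
    token the attacker can embed in the hidden form is one minted from the
    attacker's own session, so the two cannot match.
    """
    attackers_token = mask_secret(attacker_secret)
    return check_request("POST", victim_secret, attackers_token)


if __name__ == "__main__":
    victim = new_secret()
    print("legitimate form:", check_request("POST", victim, mask_secret(victim)))
    print("missing token:  ", check_request("POST", victim, None))
    print("forged request: ", forged_post_outcome(victim, new_secret()))
```

Running the block shows the three outcomes a practitioner cares about: a form rendered by the site's own template passes, a request with no token is refused, and a cross-site request (even one carrying a real token from the attacker's own session) is refused because the token does not unmask to the victim's cookie secret.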
