Without proper precautions, malicious sites could potentially invoke requests against your site that would result in undesired changes on your server, such as affecting a user's authentication, altering content, or accessing sensitive information. Django comes bundled with a system for preventing CSRF attacks such as these, and we'll review that in this recipe.
Making forms secure from Cross Site Request Forgery (CSRF)
by Aidas Bendoraitis, Jake Kronika
Django 2 Web Development Cookbook - Third Edition
- Title Page
- Copyright and Credits
- Dedication
- Packt.com
- Contributors
- Preface
- Getting Started with Django 2.1
- Introduction
- Working with a virtual environment
- Creating a virtual environment project file structure
- Working with Docker
- Creating a Docker project file structure
- Handling project dependencies with pip
- Including external dependencies in your project
- Configuring settings for development, testing, staging, and production environments
- Defining relative paths in the settings
- Creating and including local settings
- Setting up STATIC_URL dynamically for Subversion users
- Setting up STATIC_URL dynamically for Git users
- Setting UTF-8 as the default encoding for MySQL configuration
- Setting the Subversion ignore property
- Creating the Git ignore file
- Deleting Python-compiled files
- Respecting the import order in Python files
- Creating app configuration
- Defining overwritable app settings
- Database Structure and Modeling
- Introduction
- Using model mixins
- Creating a model mixin with URL-related methods
- Creating a model mixin to handle creation and modification dates
- Creating a model mixin to take care of meta tags
- Creating a model mixin to handle generic relations
- Handling multilingual fields
- Enabling schema microdata enhancements
- Using migrations
- Switching from South migrations to Django migrations
- Changing a foreign key to the many-to-many field
- Forms and Views
- Introduction
- Passing HttpRequest to a form
- Utilizing the save method of the form
- Uploading images
- Creating a form layout with custom templates
- Creating a form layout with django-crispy-forms
- Filtering object lists
- Managing paginated lists
- Composing class-based views
- Generating PDF documents
- Implementing a multilingual search with Haystack and Whoosh
- Templates and JavaScript
- Customizing Template Filters and Tags
- Introduction
- Following conventions for your own template filters and tags
- Creating a template filter to show how much time has passed since a post was published
- Creating a template filter to extract the first media object
- Creating a template filter to humanize URLs
- Creating a template tag to include a template if it exists
- Creating a template tag to load a QuerySet in a template
- Creating a template tag to parse content as a template
- Creating a template tag to modify request query parameters
- Model Administration
- Security and Performance
- Introduction
- Making forms secure from Cross Site Request Forgery (CSRF)
- Implementing password validation
- Downloading authorized files
- Adding a dynamic watermark to images
- Authenticating with Auth0
- Caching the method return value
- Using Memcached to cache Django views
- Using Redis to cache Django views
- Django CMS
- Hierarchical Structures
- Introduction
- Creating hierarchical categories with django-mptt
- Creating a category administration interface with django-mptt-admin
- Rendering categories in a template with django-mptt
- Using a single selection field to choose a category in forms with django-mptt
- Using a checkbox list to choose multiple categories in forms with django-mptt
- Creating hierarchical categories with django-treebeard
- Creating a basic category administration interface with django-treebeard
- Importing and Exporting Data
- Bells and Whistles
- Testing and Deployment
- Other Books You May Enjoy
Making forms secure from Cross Site Request Forgery (CSRF)
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.