django-session-csrf
CSRF protection for Django without cookies
django-session-csrf Description
django-session-csrf is an alternative implementation of Django's CSRF protection that does not use cookies. Instead, it maintains the CSRF token on the server using Django's session backend. The CSRF token must still be included in all POST requests (either with csrfmiddlewaretoken in the form or with the X-CSRFTOKEN header).

Installation:

From PyPI:

    pip install django-session-csrf

From GitHub:

    git clone git://github.com/mozilla/django-session-csrf.git

Replace django.core.context_processors.csrf with session_csrf.context_processor in your TEMPLATE_CONTEXT_PROCESSORS:

    TEMPLATE_CONTEXT_PROCESSORS = (
        ...
        'session_csrf.context_processor',
        ...
    )

Replace django.middleware.csrf.CsrfViewMiddleware with session_csrf.CsrfMiddleware in your MIDDLEWARE_CLASSES:

    MIDDLEWARE_CLASSES = (
        ...
        'session_csrf.CsrfMiddleware',
        ...
    )

Then we have to monkeypatch Django to fix the @csrf_protect decorator:

    import session_csrf
    session_csrf.monkeypatch()

Make sure that's in something like manage.py so the patch gets applied before your views are imported.

Requirements:

· Python
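The session-backed check described above can be modelled in a few lines. This is an added example, not django-session-csrf's own code: a plain dict stands in for Django's session, and SESSION_KEY, get_or_create_token and is_request_allowed are hypothetical names chosen for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
SESSION_KEY = "csrf_token"  # hypothetical session key, not taken from the library


def get_or_create_token(session):
    """Return the session's CSRF token, creating one on first use.

    The token lives only in server-side session storage; no CSRF cookie is set.
    """
    if SESSION_KEY not in session:
        session[SESSION_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_KEY]


def is_request_allowed(method, session, post=None, meta=None):
    """Simplified model: unsafe methods must echo the session's token."""
    if method.upper() in SAFE_METHODS:
        return True
    expected = session.get(SESSION_KEY)
    if not expected:
        # No token was ever issued for this session, so nothing can match.
        return False
    # Form field first, then the X-CSRFTOKEN header, which Django exposes
    # in request.META as HTTP_X_CSRFTOKEN.
    supplied = (post or {}).get("csrfmiddlewaretoken") or (meta or {}).get(
        "HTTP_X_CSRFTOKEN", ""
    )
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample requests against a dict standing in for the session.
    session = {}
    token = get_or_create_token(session)
    print(is_request_allowed("POST", session, post={"csrfmiddlewaretoken": token}))
    print(is_request_allowed("POST", session, meta={"HTTP_X_CSRFTOKEN": token}))
    print(is_request_allowed("POST", session, post={"csrfmiddlewaretoken": "forged"}))
    print(is_request_allowed("POST", {}, post={"csrfmiddlewaretoken": token}))
```

Because the expected value is read from the session rather than from a cookie, a token replayed against a different session (the last call) is rejected.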