CSRF verification mechanism of Django templates (csrf_token)

Keywords: Python Django JQuery

CSRF verification mechanism:

Django performs CSRF verification on POST requests. The purpose of the mechanism is to prevent cross-site request forgery. If a POST request is sent without handling the CSRF token, Django reports an error.

 

CSRF verification -- template operation:

Actions in the template file:

In a Django project, POST requests are verified by the CSRF middleware by default. You only need to add the template tag {% csrf_token %} inside the form with which the template submits data. (You do not need to comment out 'django.middleware.csrf.CsrfViewMiddleware' in the MIDDLEWARE list of the settings.py configuration file.) When the template page is rendered, the tag is automatically turned into a hidden input tag at the corresponding location: <input type="hidden" name="csrfmiddlewaretoken" value="8j4z1wiuext0gjsn59dlmnktrxxfw0hv7m4d40mtl37d7vjzfrxlir9l3jstdjtg8">. The value is random every time.
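Why the hidden value can be random on every render and still verify: the rendered token is a per-client secret combined with a fresh random mask, and the server undoes the mask before comparing. The following is an added, stand-alone sketch modelled on that masking scheme; it is not code from the original post or from Django itself, and all function names are hypothetical.

```python
import hmac
import secrets
import string

CHARS = string.ascii_letters + string.digits   # alphabet used for secret and mask
SECRET_LEN = 32                                # token = 32-char mask + 32-char cipher

def new_secret():
    """Per-client secret; the server keeps it for the client (cookie or session)."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))

def mask_secret(secret):
    """Value for the hidden input: fresh random mask + secret shifted by that mask."""
    mask = new_secret()
    cipher = "".join(
        CHARS[(CHARS.index(s) + CHARS.index(m)) % len(CHARS)]
        for s, m in zip(secret, mask)
    )
    return mask + cipher

def unmask_token(token):
    """Recover the secret from a masked token by undoing the shift."""
    mask, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
        for c, m in zip(cipher, mask)
    )

def token_is_valid(form_token, secret):
    """Server-side check: well-formed token that unmasks to the stored secret."""
    if (not isinstance(form_token, str) or len(form_token) != 2 * SECRET_LEN
            or any(ch not in CHARS for ch in form_token)):
        return False
    # Constant-time comparison, so timing does not leak how many characters match.
    return hmac.compare_digest(unmask_token(form_token), secret)

if __name__ == "__main__":
    secret = new_secret()
    first, second = mask_secret(secret), mask_secret(secret)
    print("renders differ:", first != second)
    print("both accepted:", token_is_valid(first, secret), token_is_valid(second, secret))
    print("other client's token:", token_is_valid(mask_secret(new_secret()), secret))
    print("missing hidden field:", token_is_valid("", secret))
```

The mask changes the bytes on the page between responses, while the secret the server compares against stays the same for that client.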

 

CSRF verification -- module operation:

In views.py, first import the decorators: from django.views.decorators.csrf import csrf_exempt, csrf_protect

(1) Exempting a view from verification: @csrf_exempt

from django.http import HttpResponse
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt

from . import models  # assumed: the app's own models module, which provides auth()


@csrf_exempt    # Skip CSRF verification for this view (its POST requests are let through even if settings.py enables the global CSRF middleware)
def login(request):
    if request.method == "GET":
        return render(request, "login.html")
    elif request.method == "POST":
        name = request.POST.get("username")
        psd = request.POST.get("userpsd")
        status = models.auth(name, psd)    # check the submitted credentials
        if status:
            return HttpResponse("<h1>Success!</h1>")
        else:
            return render(request, "login_fail.html")

(2) Forcing verification: @csrf_protect

from django.http import HttpResponse
from django.shortcuts import render
from django.views.decorators.csrf import csrf_protect

from . import models  # assumed: the app's own models module, which provides auth()


@csrf_protect    # Force CSRF verification for this view (its POST requests are verified even if settings.py has no global CSRF middleware)
def login(request):
    if request.method == "GET":
        return render(request, "login.html")
    elif request.method == "POST":
        name = request.POST.get("username")
        psd = request.POST.get("userpsd")
        status = models.auth(name, psd)    # check the submitted credentials
        if status:
            return HttpResponse("<h1>Success!</h1>")
        else:
            return render(request, "login_fail.html")

    login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="refresh" content="">
    <meta name="keywords" content="">
    <style></style>
    <script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.js"></script>
    <link rel="stylesheet" href="">
    <title>login</title>
</head>
<body>
<form action="http://127.0.0.1:8888/login/" method="post">
{# {% csrf_token %} renders the hidden input tag carrying the CSRF token; it is commented out here, so this form is submitted without a token #}
    <table>
    <tr>
        <td>User name:</td>
        <td><input type="text" name="username"></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="userpsd"></td>
    </tr>
    <tr>
        <td><input type="reset"></td>
        <td><input type="submit"></td>
    </tr>
    </table>
</form>
</body>
</html>

Posted by ccravens on Sat, 19 Oct 2019 13:41:03 -0700