Enable CSRF protection only for HTML forms
Project description
django-csrf-protect-form
The CSRF middleware and template tag from Django framework provides easy-to-use protection against Cross Site Request Forgeries. This protector has some inconveniences for XHR POST requests.
This module enables CSRF protection only for HTML forms when content type of the request is one of the following:
application/x-www-form-urlencoded
multipart/form-data
text/plain
It is generally safe to exclude XHR requests from CSRF protection, because XHR requests can only be made from the same origin. Check your CORS configuration before using this module. Use django-cors-headers module to protect your site with CORS.
Installation
Install with pip or pipenv:
pip install django-csrf-protect-formConfiguration
You can set a list of content types which have CSRF protection enabled. The default value is:
CSRF_PROTECT_FORM_CONTENT_TYPE = [
'application/x-www-form-urlencoded',
'multipart/form-data',
'text/plain',
]Usage
views.py
from django_csrf_protect_form import csrf_protect_form
@csrf_protect_form
def hello(request):
return HttpResponse("<html><head></head><body>Hello, world!</body></html>")or:
urls.py
from django_csrf_protect_form import csrf_protect_form
from .views import hello
urlpatterns = [
url('hello/', csrf_protect_form(hello)),
]Documentation
License
Copyright © 2019, Piotr Roszatycki
This software is distributed under the GNU Lesser General Public License (LGPL 3 or greater).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-csrf-protect-form-0.1.0.tar.gz.
File metadata
- Download URL: django-csrf-protect-form-0.1.0.tar.gz
- Upload date:
- Size: 16.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 49eef8a290a6bf1a66db3d49baeb792cb04ddc52ad5e7600f9ed40cebdbb2a8d |
|
| MD5 | d7b0987096978fd26f6a38d7393f973c |
|
| BLAKE2b-256 | 6b31735050f43c2dedb1623844cc9636ed9eeb0a828d9d54a5a756a378c36464 |
File details
Details for the file django_csrf_protect_form-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: django_csrf_protect_form-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 6.0 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 336e21f048b4e50423968c671faa55cb087d3a607b2943aa36710d9fa3c99151 |
|
| MD5 | 74143d15dece57da586e0e952b12d3be |
|
| BLAKE2b-256 | 5f58342080ae544b33d529ec3b7e783c7e9b9bcff31e810b664945bcc591b9c3 |
