
Enable CSRF protection only for HTML forms


django-csrf-protect-form

The CSRF middleware and template tag from the Django framework provide easy-to-use protection against Cross Site Request Forgeries. This protection has some inconveniences for XHR POST requests.

This module enables CSRF protection only for HTML forms, that is, when the content type of the request is one of the following:

  • application/x-www-form-urlencoded
  • multipart/form-data
  • text/plain

It is generally safe to exclude XHR requests from CSRF protection, because XHR requests can only be made from the same origin. Check your CORS configuration before using this module. Use the django-cors-headers module to protect your site with CORS.

Installation

Install with pip or pipenv:

pip install django-csrf-protect-form

Configuration

You can set a list of content types which have CSRF protection enabled. The default value is:

CSRF_PROTECT_FORM_CONTENT_TYPE = [
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]
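The content-type decision that this setting controls, as an added sketch rather than the module's own code. The names `media_type`, `needs_csrf_check` and `forms_only` are hypothetical, the sample requests are constructed, and treating a missing Content-Type as protected is an assumption of this example, not documented behaviour of the module.

```python
from types import SimpleNamespace

# Default list from the Configuration section above.
PROTECTED_TYPES = (
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
)
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})

def media_type(header):
    """Lowercased media type with parameters (charset, boundary) removed."""
    return (header or "").split(";", 1)[0].strip().lower()

def needs_csrf_check(method, content_type, protected=PROTECTED_TYPES):
    """True when the request must carry a valid CSRF token."""
    if method.upper() in SAFE_METHODS:
        return False
    mtype = media_type(content_type)
    if not mtype:
        # Assumption of this sketch: no Content-Type means fail closed.
        return True
    return mtype in {p.lower() for p in protected}

def forms_only(plain_view, checked_view, protected=PROTECTED_TYPES):
    """Dispatch to checked_view (token enforced) or plain_view per request."""
    def wrapper(request, *args, **kwargs):
        header = request.META.get("CONTENT_TYPE", "")
        if needs_csrf_check(request.method, header, protected):
            return checked_view(request, *args, **kwargs)
        return plain_view(request, *args, **kwargs)
    return wrapper

def demo():
    """Run constructed requests through the wrapper; report the path taken."""
    view = forms_only(lambda r: "unchecked", lambda r: "csrf-checked")
    samples = [  # constructed sample requests: (method, Content-Type header)
        ("POST", "application/json"),
        ("POST", "multipart/form-data; boundary=----x"),
        ("POST", "Text/Plain; charset=UTF-8"),
        ("POST", ""),
        ("GET", "application/x-www-form-urlencoded"),
    ]
    return [view(SimpleNamespace(method=m, META={"CONTENT_TYPE": c}))
            for m, c in samples]

if __name__ == "__main__":
    print(demo())
```

In a Django project, `checked_view` would be the view wrapped with `django.views.decorators.csrf.csrf_protect`. The comparison is done on the media type alone, so a `charset` or `boundary` parameter or mixed-case spelling cannot move a form submission onto the unchecked path.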

Usage

views.py

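from django.http import HttpResponse
from django_csrf_protect_form import csrf_protect_form

# The CSRF token is enforced only for the configured form content types
@csrf_protect_form
def hello(request):
    return HttpResponse("<html><head></head><body>Hello, world!</body></html>")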

or:

urls.py

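from django.conf.urls import url
from django_csrf_protect_form import csrf_protect_form
from .views import hello

urlpatterns = [
    # Wrap the view at routing time instead of decorating it in views.py
    url('hello/', csrf_protect_form(hello)),
]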

License

Copyright © 2019, Piotr Roszatycki

This software is distributed under the GNU Lesser General Public License (LGPL 3 or greater).


Files for django-csrf-protect-form, version 0.1.0

  • django_csrf_protect_form-0.1.0-py2.py3-none-any.whl (6.0 kB), Wheel, Python version py2.py3
  • django-csrf-protect-form-0.1.0.tar.gz (16.8 kB), Source
