[英]Django 1.4 without the csrf_token
I've just upgraded Django from 1.2.3 to 1.4 and realized that django.middleware.csrf.CsrfResponseMiddleware is depricated. 我刚刚将Django从1.2.3升级到1.4,并意识到django.middleware.csrf.CsrfResponseMiddleware已被删除。 Is there some other way where I don't have to use the csrf_token in every post? 还有其他方法我不必在每个帖子中使用csrf_token吗? It will be easier for the front end designers to not have to worry about django specific tokens. 前端设计人员不必担心django特定令牌。
Check the doc , especially csrf_exempt
and csrf_protect
decorators. 检查doc ,尤其是csrf_exempt
和csrf_protect
装饰器。
You could then use django.middleware.csrf.CsrfViewMiddleware
for default csrf protecting w/ csrf_exempt
to exempt special views; 然后你可以使用django.middleware.csrf.CsrfViewMiddleware
来保护w / csrf_exempt
默认csrf免除特殊视图; or only use csrf_protect
for each view to protect. 或者只对每个要保护的视图使用csrf_protect
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.