How to escape the required login or protection ensured by the middleware in Django?
Question
A Django web application usually has login required, however there is a url or view that does not need to have a login_required. How to make it work?
2 answers
solution1
0 2020-04-07 17:50:13
re_path(r'^admin/', admin.site.urls), path('about/',views.about,name="about"),
By default all the admin urls are login protected and if you do not use admin site and if you do not use any login_required decorator in views.py then that url will not be login required just like the "about/" url here.
solution2
0 ACCPTED 2020-04-08 12:30:15
The following is mentioned by Django Documentation https://docs.djangoproject.com/en/3.0/ref/csrf/#django.views.decorators.csrf.csrf_exempt , that looks the correct solution.
Utilities
The examples below assume you are using function-based views. If you are working with class-based views, you can refer to Decorating class-based views.
csrf_exempt(view)
This decorator marks a view as being exempt from the protection ensured by the middleware. Example:
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def my_view(request):
return HttpResponse('Hello world')
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.