Question about including CSRF token.

Chen Xu

Jul 21, 2014, 2:57:53 PM
to django...@googlegroups.com
Hi Everyone,
I am writing a website using Django and am getting confused about the CSRF token. I understand I need to include the CSRF token on my web page to prevent CSRF attacks. However, I am also working on a mobile app, which will send requests to my website API and get responses back. How should I handle the CSRF token problem in this case?


Thanks

--
⚡ Chen Xu

Gonzalo Delgado

Jul 21, 2014, 8:34:11 PM
to django...@googlegroups.com
On 21/07/14 15:57, Chen Xu wrote:
How do your mobile app and your website API communicate?

Take a look at the documentation AJAX example here:
https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax

It uses a custom "X-CSRFToken" header in the AJAX query from the client.
You can probably implement something similar in your app (if it isn't
implemented in JavaScript).


--
Gonzalo Delgado
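
Added example, not part of the original thread and not Django's own code: a simplified standard-library model of the cookie-to-header comparison behind the "X-CSRFToken" approach mentioned above, with a non-browser client echoing the token back. The `csrftoken` cookie name is Django's default; `issue_csrf_cookie`, `csrf_ok` and `AppClient` are hypothetical names, and Django's other checks are left out.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_csrf_cookie():
    """Server side: Set-Cookie value carrying a fresh random token."""
    cookie = SimpleCookie()
    cookie["csrftoken"] = secrets.token_urlsafe(32)
    cookie["csrftoken"]["path"] = "/"
    return cookie["csrftoken"].OutputString()


def csrf_ok(method, headers):
    """Server side: safe methods pass; others need header == cookie."""
    if method in SAFE_METHODS:
        return True
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "csrftoken" not in cookie:
        return False  # client never picked up the cookie
    sent = headers.get("X-CSRFToken", "")
    if not sent:
        return False  # cookie alone is not proof; the header must echo it
    # Compare as bytes in constant time to avoid leaking the token via timing.
    return hmac.compare_digest(cookie["csrftoken"].value.encode(), sent.encode())


class AppClient:
    """Non-browser client (e.g. a mobile app): stores the cookie it was
    given on an earlier response and echoes it in the custom header."""

    def __init__(self):
        self.token = None

    def remember(self, set_cookie_header):
        self.token = SimpleCookie(set_cookie_header)["csrftoken"].value

    def headers_for_post(self):
        return {"Cookie": f"csrftoken={self.token}", "X-CSRFToken": self.token}


if __name__ == "__main__":
    client = AppClient()
    client.remember(issue_csrf_cookie())  # constructed exchange, no network
    print("POST with header accepted:", csrf_ok("POST", client.headers_for_post()))
    print("POST without header accepted:",
          csrf_ok("POST", {"Cookie": f"csrftoken={client.token}"}))
```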