django-session-csrf is an alternative implementation of Django's CSRF protection that does not use cookies. Instead, it keeps the CSRF token on the server, using Django's session backend. The CSRF token must still be included in all POST requests (either as csrfmiddlewaretoken in the form or in the X-CSRFTOKEN header).
Installation:
From PyPI:

    pip install django-session-csrf

From GitHub:

    git clone git://github.com/mozilla/django-session-csrf.git

Replace django.core.context_processors.csrf with session_csrf.context_processor in your TEMPLATE_CONTEXT_PROCESSORS:

    TEMPLATE_CONTEXT_PROCESSORS = (
        ...
        'session_csrf.context_processor',
        ...
    )

Replace django.middleware.csrf.CsrfViewMiddleware with session_csrf.CsrfMiddleware in your MIDDLEWARE_CLASSES:

    MIDDLEWARE_CLASSES = (
        ...
        'session_csrf.CsrfMiddleware',
        ...
    )

Then we have to monkeypatch Django to fix the @csrf_protect decorator:

    import session_csrf
    session_csrf.monkeypatch()

Make sure that's in something like manage.py so the patch gets applied before your views are imported.
Requirements:
- Python
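
The idea described at the top of this page, as an added sketch that is not django-session-csrf's own code: the token lives in the server-side session instead of a cookie and is compared with the csrfmiddlewaretoken form field or the X-CSRFTOKEN header. The Request class, the csrf_token session key and the list of exempt methods are assumptions made for illustration.

```python
import hmac
import secrets

# Assumption: methods that do not change state are exempt from the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


class Request:
    """Constructed stand-in for an HTTP request (not Django's HttpRequest)."""

    def __init__(self, method, session, post=None, headers=None):
        self.method = method
        self.session = session      # this client's server-side session data
        self.post = post or {}      # submitted form fields
        self.headers = headers or {}


def get_token(session):
    """Return the session's CSRF token, creating it on first use."""
    if "csrf_token" not in session:  # hypothetical session key
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def check_csrf(request):
    """Return True if the request may proceed, False if it must be rejected."""
    if request.method in SAFE_METHODS:
        return True
    expected = request.session.get("csrf_token")
    if not expected:
        return False                 # no token was ever issued to this session
    # The token may arrive as a form field or as a request header.
    supplied = (request.post.get("csrfmiddlewaretoken")
                or request.headers.get("X-CSRFTOKEN", ""))
    # Constant-time comparison so timing does not leak how much of a guess matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

Because the expected value never leaves the server except inside rendered pages, a token set or overwritten in the browser's cookie jar has no effect on the check.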