django - passing CSRF credentials as url parameters? -

how handle csrf credentials sent django url parameters?

i ask because is, evidently, the way submit file upload via form in iframe.

most online examples show pass csrf credentials headers,

xhr.setrequestheader("x-csrftoken", csrftoken );

but not option iframe transport in ie/opera.

i can use csrf_exempt, leaves site vulnerable.

you create middleware takes csrf_token params , places on request before csrfviewmiddleware attempts validate

class csrfgetparammiddleware(object):     def process_request(self, request):         request.meta['http_x_csrftoken'] = request.get.get('csrf_token')         return none

place middleware above csrfviewmiddleware

middleware_classes = (     'csrfgetparammiddleware',     'django.middleware.csrf.csrfviewmiddleware', )

this save validating or subclassing csrfviewmiddleware

Search This Blog

Brande

django - passing CSRF credentials as url parameters? -

Comments

Post a Comment

Popular posts from this blog

linux - Does gcc have any options to add version info in ELF binary file? -

android - send complex objects as post php java -

charts - What graph/dashboard product is facebook using in Dashboard: PUE & WUE -