
Tag "csrf"

Snippet List

Jquery ajax csrf framework for Django

1. Framework to extend the jQuery ajax() function to construct POST requests that contain a CSRF token.
2. The example view used with the framework takes JSON data and returns JSON data containing either:
   - "success" with a message and an additional dictionary of JSON data to use in the page, or
   - "error" with an error message.
3. The ajax function framework satisfies Django's CSRF requirements by injecting a CSRF token into the POST requests created using the function.

This example is a form with ~160 fields that we wanted to help fill in customer information automatically.

1. User calls the lookup() script from the onblur attribute of the customer_id form field by leaving the field.
2. The lookup script takes the contents of the customer_id form field and uses the jQuery ajax() function to construct a JSON POST request to the "/json/?act=" URL.
3. The JSON view takes actions as GET requests. We pass the POST request to the JSON URL already including the GET request: "/json/?act=lookup".
4. The jQuery framework in the snippet includes a CSRF token in the ajax request automatically.
5. The customer_id is passed as JSON to the JSON view lookup action, and the customer details are looked up in the database.
6. If successful, the request returns a JSON dictionary of customer details which are pushed into the form fields using JavaScript in the lookup() function.

The end result is that if the user fills out the customer_id field of the form first (which we suggest with a tooltip overlay), the customer name and address information will populate automatically.

*Credit to Guangcong Luo https://github.com/Zarel

  • json
  • jquery
  • csrf

Manual CSRF check for Django Facebook canvas applications

The way to manually control CSRF correctness for FB applications. The automatic check cannot be used because FB does a POST to your canvas URL, without a CSRF token, when initializing your application. If you still want to use Django's CSRF stuff, do manual checks. You only need to perform the manual check when there is no correct signed_request present in your request; a correct request means you are really dealing with FB. Use facebook_csrf_check to verify POST requests when signed_request is absent.

  • django
  • python
  • post
  • facebook
  • csrf
  • fb

create_c

Instead of creating a dictionary in every view every time, you could do this and just call it like `c = create_c(request)`.

  • templates
  • request
  • data
  • csrf

Bypass CSRF check for Facebook canvas apps using POST for canvas

This assumes that you have a method called **decode_signed_request** which will validate the signed_request parameter and return None if the validation check fails. A similar method can be found here: https://github.com/iplatform/pyFaceGraph/blob/70e456c79f1ac1c7eddece03af323346a00481ef/src/facegraph/canvas.py

  • django
  • python
  • post
  • facebook
  • csrf
  • fb
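The two Facebook snippets above describe the same gate: a canvas POST is exempt from the Django CSRF check only when it carries a signed_request that verifies against the app secret; anything else must pass a normal token check. The following is an added, framework-free example written for this page (not the code of either snippet or of pyFaceGraph). It implements `decode_signed_request` for Facebook's documented `sig.payload` format (base64url, HMAC-SHA256 over the encoded payload) and a `facebook_csrf_check` that falls back to comparing a submitted `csrfmiddlewaretoken` with a session-stored token. The request object is a plain dict, and the app secret, field names and token storage are assumptions, not Django's or Facebook's API.

```python
"""Added example: manual CSRF gate for a Facebook canvas POST, in pure Python."""
import base64
import hashlib
import hmac
import json

# Constructed app secret; Facebook issues the real one per application.
APP_SECRET = b"example-app-secret"


def _b64url_decode(s: str) -> bytes:
    """Facebook strips '=' padding, so restore it before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def decode_signed_request(signed_request, app_secret=APP_SECRET):
    """Return the payload dict if the signature verifies, otherwise None.

    Format: '<base64url(sig)>.<base64url(json)>' with
    sig = HMAC-SHA256(app_secret, base64url(json)).
    """
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        sig = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except (AttributeError, ValueError):  # malformed, bad base64, bad JSON
        return None
    if not isinstance(payload, dict):
        return None
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    expected = hmac.new(app_secret, payload_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return payload


def make_signed_request(payload: dict, app_secret=APP_SECRET) -> str:
    """Build a signed_request the way Facebook does (used to construct test input)."""
    payload_b64 = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(app_secret, payload_b64.encode(), hashlib.sha256).digest()
    return f"{_b64url_encode(sig)}.{payload_b64}"


def facebook_csrf_check(request: dict, app_secret=APP_SECRET) -> bool:
    """Decide whether a request may proceed.

    `request` is a constructed stand-in with keys 'method', 'POST' (dict of
    form fields) and 'session' (dict). Only POSTs are gated. A POST with a
    valid signed_request is really from Facebook and is exempt; every other
    POST must carry a csrfmiddlewaretoken equal to the session's csrf_token.
    """
    if request["method"] != "POST":
        return True
    signed = request["POST"].get("signed_request")
    if signed is not None and decode_signed_request(signed, app_secret) is not None:
        return True
    submitted = request["POST"].get("csrfmiddlewaretoken", "")
    expected = request["session"].get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(submitted, expected)
```

The order matters: an invalid or forged signed_request does not short-circuit to a denial but simply falls through to the ordinary token check, so an attacker gains nothing by attaching a garbage signed_request to a cross-site form post. Signature comparison uses `hmac.compare_digest` to avoid leaking the MAC through timing.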

jinja2 csrf_token extension

Init the env: `env = Environment(extensions=('youproject.app.extensions.csrf_token',), loader=loader)` or see http://www.djangosnippets.org/snippets/1844/ and in settings.py: `JINJA_EXTS=('jinja2.ext.i18n','youproject.app.extensions.csrf_token',)`. Use this extension in a jinja2 template just like a Django template: `<form ...>{% csrf_token %}...</form>`

  • template
  • jinja2
  • csrf

CSRF this!

A form with built-in CSRF protection. Include CsrfCookieMiddleware in your MIDDLEWARE_SETTINGS, subclass SafeForm and off you go. See [this django-developers post](http://groups.google.com/group/django-developers/browse_thread/thread/2c33621003992d07?hl=en) for more info. [edit] This form is actually WAY overengineered currently. Will update soon.

  • forms
  • csrf

SignedForm: CSRF-protect forms with a hidden token field

This form subclass helps protect against cross-site request forgery by adding a hidden field named `csrf_token` to forms. The form must be initialized with the request as a keyword argument, both with and without POST data: `my_form = MySignedForm(request=request)` ... `my_form = MySignedForm(request.POST, request=request)`. Upon validation, a `PermissionDenied` exception will be raised if forgery is detected. If any security details have been overlooked in this recipe, please leave a comment.

  • forms
  • csrf
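As an added illustration of the SignedForm idea (example code written for this page, not the snippet's own), the following binds a hidden `csrf_token` field to the user's session with an HMAC under the site secret, and raises `PermissionDenied` on validation when the token is missing, malformed or signed for a different session. It deliberately avoids Django so it runs stand-alone: `SECRET_KEY`, the `request` dict with a `session_key`, and the `PermissionDenied` stand-in class are assumptions; in a real project you would use `settings.SECRET_KEY`, `request.session.session_key` and `django.core.exceptions.PermissionDenied`.

```python
"""Added example: an HMAC-signed hidden csrf_token field, framework-free."""
import hashlib
import hmac
import html
import secrets

# Assumption: stands in for settings.SECRET_KEY; constructed for this example.
SECRET_KEY = b"constructed-secret-key"


class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""


def make_csrf_token(session_key: str, secret: bytes = SECRET_KEY) -> str:
    """Return 'salt:mac'. The random salt makes every rendered token distinct;
    the MAC ties that salt to the session so tokens cannot be moved between users."""
    salt = secrets.token_hex(16)
    mac = hmac.new(secret, f"{salt}:{session_key}".encode(), hashlib.sha256).hexdigest()
    return f"{salt}:{mac}"


def check_csrf_token(token, session_key: str, secret: bytes = SECRET_KEY) -> bool:
    """Recompute the MAC for the presented salt and compare in constant time."""
    try:
        salt, mac = token.split(":", 1)
    except (AttributeError, ValueError):  # not a string, or no separator
        return False
    expected = hmac.new(secret, f"{salt}:{session_key}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


class SignedForm:
    """Minimal form: unbound (data=None) renders the hidden field,
    bound (data=POST dict) validates it. `request` is a dict with 'session_key'."""

    def __init__(self, data=None, *, request):
        self.request = request
        self.data = data
        self.cleaned_data = {}

    def hidden_field(self) -> str:
        token = make_csrf_token(self.request["session_key"])
        # html.escape keeps the field well-formed even if the token format changes
        return f'<input type="hidden" name="csrf_token" value="{html.escape(token)}">'

    def is_valid(self) -> bool:
        if self.data is None:
            return False  # an unbound form never validates
        token = self.data.get("csrf_token", "")
        if not check_csrf_token(token, self.request["session_key"]):
            raise PermissionDenied("csrf_token missing or invalid")
        self.cleaned_data = {k: v for k, v in self.data.items() if k != "csrf_token"}
        return True
```

Because the token is a MAC over the session key rather than a value stored per form, the server keeps no per-token state and any token issued for the session stays valid for as long as the session does; if you need single-use tokens, store the salt server-side and delete it on first successful check.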

10 snippets posted so far.