
django post request 403 forbidden

This answer is for people that may encounter this same problem in the future.

The CSRF {% csrf_token %} template tag that is required for forms in Django protects against Cross Site Request Forgeries. CSRF makes it possible for a malicious site that has been visited by a client's browser to make requests to your own server. Hence the csrf_token provided by Django makes it simple for your Django server and site to be protected against this type of malicious attack. If your form is not protected by csrf_token, Django returns a 403 forbidden page. This is a form of protection for your website, especially when the token wasn't left out intentionally.

But there are scenarios where a Django site would not want to protect its forms using the csrf_token. For instance, I developed a USSD application and a view function is required to receive a POST request from the USSD API. We should note that the POST request was not from a form on the client, hence the risk of CSRF is impossible, since a malicious site cannot submit requests. The POST request is received when a user dials a USSD code and not when a form is submitted.

In other words, there are situations where a function will need to get a POST request and there would be no need for {% csrf_token %}.

Django provides us with a decorator @csrf_exempt. This decorator marks a view as being exempt from the protection ensured by the middleware.


from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse

@csrf_exempt
def my_view(request):
    return HttpResponse('Hello world')