favs app | secure csrf_token option #21

Open
LiorA1 opened this issue Apr 20, 2021 · 1 comment

LiorA1 commented Apr 20, 2021

In the favs app, the views 'AddFavoriteView' and 'DeleteFavoriteView' use the 'csrf_exempt' decorator, because we want to allow non-secure access, but I found a way to use a CSRF token for them.
As you can see here:
views.py: https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/views.py#L79
I solved it by adding 'csrf_token' in the 'list.html' template:
https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/templates/favs/list.html#L68

Owner

csev commented Apr 20, 2021

Thanks. This is a great suggestion. I will be adding a new "up/down vote" sample code and will use this approach in that code right away. And then when I can re-record lectures I will move this into the favs code.
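
A sketch of the client side of the approach discussed in this thread, added here as an example and not taken from the linked repository: once the views are no longer `csrf_exempt`, each AJAX POST has to carry the token, and it should be attached only to unsafe, same-origin requests. It assumes Django's default cookie name `csrftoken` and header name `X-CSRFToken`; the function names and sample URLs are hypothetical.

```javascript
// Added example. 'csrftoken' and 'X-CSRFToken' are Django's default cookie and
// header names; every other name and URL here is hypothetical.

// Methods that Django's CsrfViewMiddleware does not check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() options for a favorite toggle. The token is attached only to
// unsafe, same-origin requests, so it is never sent to another site.
function csrfRequestInit(method, url, pageOrigin, cookieString) {
  const verb = method.toUpperCase();
  const headers = { 'X-Requested-With': 'XMLHttpRequest' };
  const sameOrigin =
    new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    const token = getCookie(cookieString, 'csrftoken');
    if (!token) {
      // Rendering {% csrf_token %} in the template makes Django set the cookie.
      throw new Error('csrftoken cookie missing; POST would be rejected (403)');
    }
    headers['X-CSRFToken'] = token;
  }
  return { method: verb, headers, credentials: 'same-origin' };
}

// In the page (url is a placeholder for the favorite/unfavorite endpoint):
// fetch(url, csrfRequestInit('POST', url, location.origin, document.cookie));
```

If `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` is enabled, the cookie is not readable from script and the token has to be read from the rendered `{% csrf_token %}` input instead.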
