
favs app | secure csrf_token option

Open LiorA1 opened this issue 3 years ago • 1 comments

In the favs app, the views 'AddFavoriteView' and 'DeleteFavoriteView' use the 'csrf_exempt' decorator, because we want to allow non-secure access, but I found a way to use a CSRF token for them. As you can see here: views.py: https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/views.py#L79 I solved it by adding 'csrf_token' in the 'list.html' template: https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/templates/favs/list.html#L68

LiorA1, Apr 20 '21 13:04

Thanks. This is a great suggestion. I will be adding a new "up/down vote" sample code and will use this approach in that code right away. And then when I can re-record lectures I will move this into the favs code.

csev, Apr 20 '21 14:04