How do I include a CSRF token in a curl request then? I use curl for debugging. Cannot seem to find any info on Google :(

On Jan 20, 5:11 am, Russell Keith-Magee <russ...@keith-magee.com> wrote:
> On Thu, Jan 20, 2011 at 8:57 PM, Shawn Milochik <sh...@milochik.com> wrote:
>
> > On Jan 19, 2011, at 8:01 PM, scabbage wrote:
>
> >> Is there a way to completely disable CSRF handling?
>
> > Sure, just remove the CSRF middleware from your settings.py.
>
> While this advice is 100% accurate, I would *strongly* caution you
> not to follow it.
>
> If someone has a problem losing their house keys, the solution isn't
> to remove your front door. Yes, removing the door does remove the need
> for keys, but also leaves your house open to the weather, animals,
> criminals, and so on. The fix, while it does solve the immediate
> problem, makes the overall situation much worse.
>
> Django's CSRF framework exists, and is enabled by default, for a
> reason. CSRF attacks are both real and common, and defence against
> CSRF is an important part of any serious web deployment.
>
> If you're having difficulty with CSRF, the solution isn't to disable
> CSRF. The solution is to work out what CSRF protection means, and how
> to use it correctly. Although it's a little esoteric, and a little
> unusual if you've come from a web framework that doesn't enforce good
> security practices, it isn't *that* hard to use. You would be well
> served to understand what is going on, rather than making the CSRF
> problem go away by ignoring it.
>
> Yours,
> Russ Magee %-)
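
The question at the top of this thread, as an added example that is not part of any poster's message: a curl workflow for debugging a Django view with the CSRF middleware left enabled. It assumes Django's default cookie name `csrftoken` and form field `csrfmiddlewaretoken`; the URL in the usage comment is hypothetical and the cookie jar in the demo is constructed.

```shell
#!/bin/sh
# Added example: POST to a Django view from curl without disabling CSRF.

# Print the csrftoken value from a Netscape-format cookie jar (what curl -c
# writes). Fields are tab-separated: name is field 6, value is field 7.
csrf_from_jar() {
    awk -F '\t' '$6 == "csrftoken" { print $7 }' "$1" | tail -n 1
}

# GET the page first so Django sets the csrftoken cookie, then POST the same
# value back as the cookie (-b) and as the csrfmiddlewaretoken form field.
# Extra arguments (for example: -d name=test) are passed through to the POST.
csrf_post() {
    url=$1; shift
    jar=$(mktemp) || return 1
    curl -sS -c "$jar" -o /dev/null "$url" || { rm -f "$jar"; return 1; }
    token=$(csrf_from_jar "$jar")
    if [ -z "$token" ]; then
        # Django only sets the cookie when the response used the token,
        # e.g. a template containing {% csrf_token %}.
        echo "no csrftoken cookie set by $url" >&2
        rm -f "$jar"; return 1
    fi
    # -e sets Referer, which Django also checks on HTTPS requests.
    curl -sS -b "$jar" -e "$url" \
         --data-urlencode "csrfmiddlewaretoken=$token" "$@" "$url"
    status=$?
    rm -f "$jar"
    return $status
}

# Offline demo of the extraction step on a constructed cookie jar.
demo_token() {
    jar=$(mktemp) || return 1
    printf '# Netscape HTTP Cookie File\n' > "$jar"
    printf '127.0.0.1\tFALSE\t/\tFALSE\t0\tsessionid\tconstructed-session\n' >> "$jar"
    printf '127.0.0.1\tFALSE\t/\tFALSE\t0\tcsrftoken\tconstructed-token-123\n' >> "$jar"
    csrf_from_jar "$jar"
    rm -f "$jar"
}

# Usage against a local dev server (hypothetical URL and field):
#   csrf_post http://127.0.0.1:8000/contact/ -d name=test
```

If the POST still returns 403, check that the GET and the POST hit the same host and scheme, since the cookie and the Referer check are both tied to them.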