django - How to exempt CSRF Protection on direct_to_template

Question

Welcome To Ask or Share your Answers For Others

django - How to exempt CSRF Protection on direct_to_template

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

django - How to exempt CSRF Protection on direct_to_template

I have a flow in my django application in which I redirect the user to another service (e.g. PayPal) which after some its own processing, returns the user back on my own server. The returning point on my server is a simple HTML success page which I render using direct_to_template.

For some odd reasons, the other server sends a POST request and hence the user sees a CSRF token missing error as the other server doesn't send back any CSRF token.

How do I exempt a direct_to_template view from CSRF tokens?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T18:43:57+0000

You can use the csrf_exempt decorator to disable CSRF protection for a particular view.

Say your url pattern is:

('^my_page/$', direct_to_template, {'template': 'my_page.html'})

Add the following import to your urls.py:

from django.views.decorators.csrf import csrf_exempt

Then change the url pattern to:

('^my_page/$', csrf_exempt(direct_to_template), {'template': 'my_page.html'})

Categories

django - How to exempt CSRF Protection on direct_to_template

django - How to exempt CSRF Protection on direct_to_template

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags