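Django views code:
from django.http import HttpResponse
from django.shortcuts import render


def csrf(request):
    # Render the template that contains the {% csrf_token %} form
    return render(request, 'csrf.html')


def m(request):
    print('M test')
    return HttpResponse('M')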
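HTML (csrf.html):
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>csrftest</title>
</head>
<body>
    <!-- method="post": CsrfViewMiddleware only validates the token on unsafe
         methods such as POST; a GET form would put the token in the URL -->
    <form action="/csrf/" method="post">
        {% csrf_token %}
        <input type="text" >
        <input type="submit" value="submit">
    </form>
</body>
</html>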
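Django middleware code example:
class test(object):
    # Called for every request before the view runs; returning None lets
    # processing continue
    def process_request(self, request):
        print('test request')

    # Called for every response on the way back out; must return a response
    def process_response(self, request, response):
        print('test response')
        return response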
Register the middleware:
# MIDDLEWARE_CLASSES is the setting used before Django 1.10; old-style
# middleware such as the class above is listed here.
MIDDLEWARE_CLASSES = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'app01.middles.test',
]
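Middleware request flow: every request reaches the middleware first. Handling is split into a before-processing hook and an after-processing hook, plus other hooks. We can use middleware in this way to implement global features such as a blacklist.
CSRF: first obtain the token, then send the token along with the request. This prevents cross-site attacks!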
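
The global blacklist mentioned in the middleware note above, sketched as an added example (not code from the original page). It assumes the blacklist is keyed on client IP; `BLOCKED_NETWORKS`, `is_blocked` and `IPBlacklistMiddleware` are hypothetical names, and the listed networks are constructed sample values from documentation address ranges.

```python
import ipaddress

# Constructed sample deny-list (documentation ranges, not real offenders).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24", "198.51.100.23/32", "2001:db8:bad::/48")]


def is_blocked(raw_ip):
    """Return True if raw_ip falls inside any blocked network."""
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except (ValueError, AttributeError):
        return True  # fail closed: missing or malformed address
    # Dual-stack servers report IPv4 clients as ::ffff:a.b.c.d; unwrap the
    # address so the IPv4 rules still match.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net
               for net in BLOCKED_NETWORKS)


class IPBlacklistMiddleware(object):
    """Old-style middleware with the same hooks as the `test` class above."""

    def process_request(self, request):
        # REMOTE_ADDR is set by the server. X-Forwarded-For is client-supplied
        # and should only be used when a trusted proxy overwrites it.
        if is_blocked(request.META.get("REMOTE_ADDR")):
            # Imported lazily so is_blocked() can be tested without Django.
            from django.http import HttpResponseForbidden
            return HttpResponseForbidden("Forbidden")
        return None  # None lets the remaining middleware and the view run

    def process_response(self, request, response):
        return response
```

Registered near the top of MIDDLEWARE_CLASSES, a class like this rejects blocked clients before session or CSRF processing runs.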