Python Django Middleware and CSRF Code Examples

Django views Code

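from django.http import HttpResponse
from django.shortcuts import render

def csrf(request):
    # Render the page that contains the CSRF-protected form
    return render(request, 'csrf.html')

def m(request):
    print('M test')
    return HttpResponse('M')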

HTML
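<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>csrftest</title>
</head>
<body>
    <!-- method="post": CsrfViewMiddleware only checks the token on unsafe
         methods, and a GET form would put the token in the URL -->
    <form action="/csrf/" method="post">
        {% csrf_token %}
        <input type="text" >
        <input type="submit" value="submit">
    </form>
</body>
</html>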
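
Django middleware code example:
class test(object):
    def process_request(self, request):
        # Called for every request before the view runs
        print('test request')

    def process_response(self, request, response):
        # Called for every response on the way back to the client
        print('test response')
        return response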

Registering the middleware:

MIDDLEWARE_CLASSES = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'app01.middles.test',
]

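Middleware request flow: a request reaches the middleware first, where it is handled before the view runs (process_request) and again afterwards (process_response), along with other hooks. We can use middleware in this way to implement global features such as a blacklist.
CSRF: first obtain the token, then send the token along with the request. This prevents cross-site request forgery attacks!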
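
The global blacklist mentioned above could look like the following. This is an added example, not code from the original post: the class name BlacklistMiddleware, the helper is_blacklisted and the sample networks are assumptions, written in the same old-style MIDDLEWARE_CLASSES shape as the test class.

```python
import ipaddress

# Constructed sample entries (documentation address ranges), not from the post.
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]


def is_blacklisted(remote_addr, networks=BLACKLIST):
    """Return True if remote_addr falls inside any blacklisted network."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        # Missing or malformed address: the rule cannot be evaluated, so deny.
        # Relax this if your server legitimately leaves REMOTE_ADDR empty.
        return True
    return any(addr in net for net in networks)


class BlacklistMiddleware(object):
    """Old-style (MIDDLEWARE_CLASSES) middleware, hypothetical name."""

    def process_request(self, request):
        # REMOTE_ADDR is the TCP peer. Behind a reverse proxy it is the proxy's
        # address; X-Forwarded-For is client-supplied and must not be trusted
        # unless a proxy you control overwrites it.
        remote_addr = request.META.get("REMOTE_ADDR", "")
        if is_blacklisted(remote_addr):
            # Deferred import so is_blacklisted() can be tested without Django.
            from django.http import HttpResponseForbidden
            # Returning a response here short-circuits: the view never runs.
            return HttpResponseForbidden("Forbidden")
        # Returning None lets the request continue to the next middleware/view.
        return None

    def process_response(self, request, response):
        return response
```

Registered as 'app01.middles.BlacklistMiddleware' (assumed path), it belongs near the top of MIDDLEWARE_CLASSES so blocked clients are rejected before session or CSRF processing runs.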
posted @ 2016-06-20 15:40  FreeMan1