django-关于取消csrf验证的问题

  1. 使用装饰器
@csrf_exempt
def register(request):
  username = request.POST['username']
  password = request.POST['password']
  ........
  1. 取消单个视图函数的csrf验证
path('register/', csrf_exempt(RegisterView.as_view())), 
  1. 注销掉CsrfViewMiddleware这个中间件
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

上一篇:CSRF(跨站请求伪造攻击)


下一篇:安全问题都说了N~N遍了,你这鸟人还不重视!