Home       Trees       Indices       Help   
Django API
Package django :: Package contrib :: Package csrf :: Module middleware :: Class CsrfMiddleware
[hide private]
[frames] | no frames]

Class CsrfMiddleware

source code

object --+
         |
        CsrfMiddleware

Django middleware that adds protection against Cross Site Request Forgeries by adding hidden form fields to POST forms and checking requests for the correct value.

In the list of middlewares, SessionMiddleware is required, and must come after this middleware. CsrfMiddleWare must come after compression middleware.

If a session ID cookie is present, it is hashed with the SECRET_KEY setting to create an authentication token. This token is added to all outgoing POST forms and is expected on all incoming POST requests that have a session ID cookie.

If you are setting cookies directly, instead of using Django's session framework, this middleware will not work.

Instance Methods [hide private]
 
process_request(self, request) source code
 
process_response(self, request, response) source code

Inherited from object: __delattr__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

Properties [hide private]

Inherited from object: __class__

   Home       Trees       Indices       Help   
Django API
Generated by Epydoc 3.0beta1 on Fri Dec 14 15:24:05 2007 http://epydoc.sourceforge.net