def hand_rolled(request):
    """Example view that performs its CSRF check by hand.

    On POST the ``csrf_token`` form field is handed to
    ``csrf_utils.validate_csrf_token`` together with the request; the reply
    body is ``'OK'`` when it validates and ``'Invalid CSRF token'`` otherwise.
    Any other method renders ``hand_rolled.html`` with a newly issued token
    and the current value of the ``_csrf_cookie`` cookie.
    """
    if request.method != 'POST':
        context = {
            'csrf_token': csrf_utils.new_csrf_token(request),
            # Client-supplied cookie value echoed into the page; the literal
            # 'NOT SET' is used when the cookie is absent.
            # NOTE(review): relies on hand_rolled.html escaping this value --
            # confirm the template does not mark it safe.
            'csrf_cookie': request.COOKIES.get('_csrf_cookie', 'NOT SET'),
        }
        return render_to_response('hand_rolled.html', context)

    # A missing field becomes '' so the validator always receives a string.
    submitted_token = request.POST.get('csrf_token', '')
    if csrf_utils.validate_csrf_token(submitted_token, request):
        return HttpResponse('OK')

    # NOTE(review): no status is passed, so a rejected token is reported with
    # HttpResponse's default status and differs from success only in the body;
    # callers and log monitoring must match on the text.
    return HttpResponse('Invalid CSRF token')
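def post(self, path, data={}, content_type=MULTIPART_CONTENT,
         follow=False, csrf='default', **extra):
    """Request a response from the server using POST, auto-including a CSRF token.

    A ``csrf_token`` field is added only when ``csrf`` is truthy, the content
    type is ``MULTIPART_CONTENT`` and ``data`` does not already contain one.
    A token supplied by the caller is therefore sent unchanged, and
    ``csrf=False`` sends the request without any token.

    NOTE(review): the token is documented as being omitted until the
    ``_csrf_cookie`` has been set; nothing in this method inspects the cookie,
    so that presumably happens inside ``csrf_utils.new_csrf_token`` -- confirm.

    Args:
        path: URL path to post to.
        data: Form fields to send. Never modified by this method.
        content_type: Content type of the request body.
        follow: Forwarded unchanged to the parent ``post``.
        csrf: Falsy to skip the automatic token; otherwise passed as the
            second argument to ``csrf_utils.new_csrf_token`` and forwarded
            to the parent ``post``.
        **extra: Forwarded unchanged to the parent ``post``.

    Returns:
        Whatever the parent class's ``post`` returns.
    """
    # ``in`` replaces dict.has_key(), which only exists on Python 2 dicts.
    if csrf and content_type == MULTIPART_CONTENT \
            and 'csrf_token' not in data:
        # Add the token to a copy. Writing into ``data`` itself would store
        # the token in the shared ``{}`` default (every later call without
        # data would then skip generation and replay that stale token) and
        # would silently alter a dict owned by the caller.
        data = data.copy()
        data['csrf_token'] = csrf_utils.new_csrf_token(
            CsrfClient._CookieRequest(self.cookies), csrf
        )
    return super(CsrfClient, self).post(
        path, data, content_type=content_type, follow=follow, csrf=csrf,
        **extra
    )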
def hand_rolled_view(request):
    """Example view that builds its form and checks the CSRF token by hand.

    On POST the ``csrf_token`` field is validated with
    ``csrf_utils.validate_csrf_token``; the reply body is ``'OK'`` on success
    and ``'Invalid CSRF token'`` on failure. Any other method returns an
    inline HTML form whose hidden ``csrf_token`` input carries a newly
    issued token.
    """
    if request.method != 'POST':
        form_html = """ <form action="." method="post"> <input type="text" name="name"> <input type="hidden" name="csrf_token" value="%s"> </form> """
        # NOTE(review): the token is interpolated into an attribute value
        # without HTML escaping; this is only safe if new_csrf_token() returns
        # attribute-safe characters -- confirm against csrf_utils.
        return HttpResponse(form_html % csrf_utils.new_csrf_token(request))

    # A missing field becomes '' so the validator always receives a string.
    submitted_token = request.POST.get('csrf_token', '')
    if csrf_utils.validate_csrf_token(submitted_token, request):
        return HttpResponse('OK')

    # NOTE(review): the rejection is sent with HttpResponse's default status,
    # so it is distinguishable from success only by the body text.
    return HttpResponse('Invalid CSRF token')