Monday, July 21, 2014

Re: Question about including CSRF token.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 21/07/14 15:57, Chen Xu wrote:
> I am writing a website using Django, and getting confused about the
> CSRF token. I understand I need to include the CSRF token on my web
> page to prevent CSRF attacks. However, I am also working on a
> mobile app, which will send requests to my website API and get
> responses back. How should I handle the CSRF token problem in this
> case?

How do your mobile app and your website API communicate?

Take a look at the documentation AJAX example here:
https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax

It uses a custom "X-CSRFToken" header in the AJAX request from the client.
You can probably implement something similar in your app (even if it isn't
implemented in JavaScript).


- --
Gonzalo Delgado
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlPNsWUACgkQzbfdFL5JoUlNgwD+MSz1AoP4ddGJkTNkbNZ7r80W
0jnMizvZ7f5tGoEdSAwA/j4LeVLF5pXGFj/hPLl/JHc1Kqw+BbhK53iTCFd9ZNzT
=Rbs/
-----END PGP SIGNATURE-----

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/53CDB165.10709%40gonzalodelgado.com.ar.
For more options, visit https://groups.google.com/d/optout.
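The header-based flow Gonzalo points to, as an added example that is not part of the original thread and not Django's own code: a simplified model of Django's cookie-based CSRF check (Referer checking for HTTPS and the CSRF_COOKIE_* settings are left out) next to an assumed mobile client that reads the csrftoken cookie it received on a GET and mirrors it into the X-CSRFToken header on POST. The client class, the `demo()` function and the request payloads are constructed for illustration.

```python
"""Simplified model of Django's double-submit CSRF check (assumption: this is
an illustration, not Django's code) plus a client that sends the token in the
X-CSRFToken header, as the documentation's AJAX example does."""
import hmac
import secrets

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")
COOKIE_NAME = "csrftoken"
HEADER_NAME = "HTTP_X_CSRFTOKEN"  # WSGI/META name of the X-CSRFToken header


def issue_csrf_token():
    """Server side: mint a fresh random token to set as the csrftoken cookie."""
    return secrets.token_urlsafe(32)


def csrf_check(method, cookies, headers, form=None):
    """Return (ok, reason).

    Safe methods pass. For unsafe methods the token carried in the request
    (a csrfmiddlewaretoken form field, or the X-CSRFToken header) must equal
    the csrftoken cookie. A cross-site attacker can make the victim's browser
    send the cookie, but cannot read it, so it cannot supply a matching value.
    """
    if method in SAFE_METHODS:
        return True, "safe method"
    cookie_token = cookies.get(COOKIE_NAME)
    if not cookie_token:
        return False, "CSRF cookie not set"
    form = form or {}
    request_token = form.get("csrfmiddlewaretoken") or headers.get(HEADER_NAME, "")
    if not request_token:
        return False, "CSRF token missing or incorrect"
    # Constant-time comparison so timing does not leak the token.
    if not hmac.compare_digest(request_token, cookie_token):
        return False, "CSRF token missing or incorrect"
    return True, "ok"


class MobileClient:
    """Assumed (hypothetical) app client: keeps a cookie jar and copies the
    csrftoken cookie into the X-CSRFToken header on unsafe requests."""

    def __init__(self):
        self.cookies = {}

    def get(self, server_set_cookies):
        # A GET to any CSRF-protected view hands the client the cookie.
        self.cookies.update(server_set_cookies)
        return csrf_check("GET", self.cookies, {})

    def post(self, payload, send_header=True):
        headers = {}
        if send_header:
            headers[HEADER_NAME] = self.cookies.get(COOKIE_NAME, "")
        return csrf_check("POST", self.cookies, headers, form=payload)


def demo():
    """Constructed scenario: returns (app with header, app without header,
    forged cross-site request) check results."""
    token = issue_csrf_token()
    app = MobileClient()
    app.get({COOKIE_NAME: token})                      # server sets the cookie
    ok_with_header, _ = app.post({"title": "hello"})
    ok_without_header, _ = app.post({"title": "hello"}, send_header=False)
    # Attacker's page: browser attaches the victim's cookie, header is a guess.
    ok_forged, _ = csrf_check("POST", {COOKIE_NAME: token},
                              {HEADER_NAME: "guess"}, form={"title": "x"})
    return ok_with_header, ok_without_header, ok_forged


if __name__ == "__main__":
    print(demo())
```

The practical consequence for a native app: do a GET to the API first (or any view decorated with `ensure_csrf_cookie`), keep the cookie jar between requests, and set `X-CSRFToken` from the `csrftoken` cookie on every POST/PUT/DELETE; a POST that carries the cookie but not the header is rejected exactly like a cross-site form post.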
