django.middleware.csrf.CsrfViewMiddleware

class documentation

class CsrfViewMiddleware(MiddlewareMixin): (source)

Known subclasses: django.views.decorators.csrf._EnsureCsrfCookie, django.views.decorators.csrf._EnsureCsrfToken

Require a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and set an outgoing CSRF cookie. This middleware should be used in conjunction with the {% csrf_token %} template tag.

Method	`process_request`	Undocumented
Method	`process_response`	Undocumented
Method	`process_view`	Undocumented
Property	`allowed_origin_subdomains`	A mapping of allowed schemes to list of allowed netlocs, where all subdomains of the netloc are allowed.
Property	`allowed_origins_exact`	Undocumented
Property	`csrf_trusted_origins_hosts`	Undocumented
Method	`_accept`	Undocumented
Method	`_bad_token_message`	Undocumented
Method	`_check_referer`	Undocumented
Method	`_check_token`	Undocumented
Method	`_get_secret`	Return the CSRF secret originally associated with the request, or None if it didn't have one.
Method	`_origin_verified`	Undocumented
Method	`_reject`	Undocumented
Method	`_set_csrf_cookie`	Undocumented

Inherited from MiddlewareMixin:

Async Method	`__acall__`	Async version of __call__ that is swapped in when an async request is running.
Method	`__call__`	Undocumented
Method	`__init__`	Undocumented
Method	`__repr__`	Undocumented
Class Variable	`async_capable`	Undocumented
Class Variable	`sync_capable`	Undocumented
Instance Variable	`get_response`	Undocumented
Method	`_async_check`	If get_response is a coroutine function, turns us into async mode so a thread is not consumed during a whole request.
Instance Variable	`_is_coroutine`	Undocumented

def process_request(self, request): (source) ¶

Undocumented

def process_response(self, request, response): (source) ¶

Undocumented

def process_view(self, request, callback, callback_args, callback_kwargs): (source) ¶

overridden in django.views.decorators.csrf._EnsureCsrfCookie

Undocumented

@cached_property
allowed_origin_subdomains = (source) ¶

A mapping of allowed schemes to list of allowed netlocs, where all subdomains of the netloc are allowed.

@cached_property
allowed_origins_exact = (source) ¶

Undocumented

@cached_property
csrf_trusted_origins_hosts = (source) ¶

Undocumented

def _accept(self, request): (source) ¶

Undocumented

def _bad_token_message(self, reason, token_source): (source) ¶

Undocumented

def _check_referer(self, request): (source) ¶

Undocumented

def _check_token(self, request): (source) ¶

Undocumented

def _get_secret(self, request): (source) ¶

Return the CSRF secret originally associated with the request, or None if it didn't have one. If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if the request's secret has invalid characters or an invalid length.

def _origin_verified(self, request): (source) ¶

Undocumented

def _reject(self, request, reason): (source) ¶

overridden in django.views.decorators.csrf._EnsureCsrfCookie, django.views.decorators.csrf._EnsureCsrfToken

Undocumented

def _set_csrf_cookie(self, request, response): (source) ¶

Undocumented