Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites.
Class | | Require a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and set an outgoing CSRF cookie.
Exception | | Undocumented
Exception | | Undocumented
Function | get | Return the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set.
Function | rotate | Change the CSRF token in use for a request - should be done on login for security purposes.
Constant | CSRF | Undocumented
Constant | CSRF | Undocumented
Constant | CSRF | Undocumented
Constant | CSRF | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Constant | REASON | Undocumented
Variable | invalid | Undocumented
Variable | logger | Undocumented
Function | _add | Generate a new random CSRF_COOKIE value, and add it to request.META.
Function | _check | Raise an InvalidTokenFormat error if the token has an invalid length or characters that aren't allowed. The token argument can be a CSRF cookie secret or non-cookie CSRF token, and either masked or unmasked.
Function | _does | Return whether the given CSRF token matches the given CSRF secret, after unmasking the token if necessary.
Function | _get | Return the view to be used for CSRF rejections.
Function | _get | Undocumented
Function | _mask | Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a mask and applying it to the secret.
Function | _unmask | Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt the second half to produce the original secret.
Return the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set. A side effect of calling this function is to make the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' header to the outgoing response. For this reason, you may need to use this function lazily, as is done by the csrf context processor.
Return whether the given CSRF token matches the given CSRF secret, after unmasking the token if necessary. This function assumes that the request_csrf_token argument has been validated to have the correct length (CSRF_SECRET_LENGTH or CSRF_TOKEN_LENGTH characters) and allowed characters, and that if it has length CSRF_TOKEN_LENGTH, it is a masked secret.
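The masking scheme that the `_mask`, `_unmask` and `_does` entries describe, as an added stand-alone example; it is not the module's own code. The function names, the constant values, and the per-character modular shift used to apply the mask are assumptions of this example.

```python
import hmac
import secrets
import string

# Assumed values for the constants the page names but does not define.
CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH  # mask followed by masked secret


class InvalidTokenFormat(Exception):
    pass


def new_secret():
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret):
    """Prefix a fresh random mask and shift each secret char by the mask char's index."""
    mask = new_secret()
    n, idx = len(CSRF_ALLOWED_CHARS), CSRF_ALLOWED_CHARS.index
    cipher = "".join(CSRF_ALLOWED_CHARS[(idx(s) + idx(m)) % n] for s, m in zip(secret, mask))
    return mask + cipher


def unmask_token(token):
    """First half is the mask; undo the shift on the second half."""
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    n, idx = len(CSRF_ALLOWED_CHARS), CSRF_ALLOWED_CHARS.index
    return "".join(CSRF_ALLOWED_CHARS[(idx(c) - idx(m)) % n] for c, m in zip(cipher, mask))


def check_format(token):
    """Reject tokens with the wrong length or characters outside the allowed set."""
    if len(token) not in (CSRF_SECRET_LENGTH, CSRF_TOKEN_LENGTH):
        raise InvalidTokenFormat("incorrect length")
    if any(ch not in CSRF_ALLOWED_CHARS for ch in token):
        raise InvalidTokenFormat("invalid characters")


def token_matches_secret(request_token, secret):
    """Validate format first, unmask if needed, then compare in constant time."""
    check_format(request_token)
    if len(request_token) == CSRF_TOKEN_LENGTH:
        request_token = unmask_token(request_token)
    return hmac.compare_digest(request_token, secret)
```

Because a new mask is drawn on every call, the same secret yields a different token per response while still comparing equal after unmasking.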