mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-23 18:13:57 +03:00
12 lines
613 B
Markdown
12 lines
613 B
Markdown
|
# Working with AJAX and CSRF
|
||
|
|
||
|
> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one."
|
||
|
>
|
||
|
> — [Jeff Atwood][cite]
|
||
|
|
||
|
* Explain need to add CSRF token to AJAX requests.
|
||
|
* Explain defered CSRF style used by REST framework
|
||
|
* Why you should use Django's standard login/logout views, and not REST framework view
|
||
|
|
||
|
|
||
|
[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html
|