<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title>Django REST framework</title>
<link href="http://tomchristie.github.com/django-rest-framework/img/favicon.ico" rel="icon" type="image/x-icon">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://tomchristie.github.com/django-rest-framework/css/prettify.css" rel="stylesheet">
<link href="http://tomchristie.github.com/django-rest-framework/css/bootstrap.css" rel="stylesheet">
<link href="http://tomchristie.github.com/django-rest-framework/css/bootstrap-responsive.css" rel="stylesheet">
<link href="http://tomchristie.github.com/django-rest-framework/css/default.css" rel="stylesheet">
<!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body onload="prettyPrint()" class="csrf-page">
<div class="wrapper">
<div class="navbar navbar-inverse navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/restframework2">GitHub</a>
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<a class="brand" href="http://tomchristie.github.com/django-rest-framework">Django REST framework</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="http://tomchristie.github.com/django-rest-framework">Home</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Tutorial <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/quickstart">Quickstart</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/1-serialization">1 - Serialization</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/2-requests-and-responses">2 - Requests and responses</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/3-class-based-views">3 - Class based views</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/4-authentication-permissions-and-throttling">4 - Authentication, permissions and throttling</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/5-relationships-and-hyperlinked-apis">5 - Relationships and hyperlinked APIs</a></li>
<!-- <li><a href="http://tomchristie.github.com/django-rest-framework/tutorial/6-resource-orientated-projects">6 - Resource orientated projects</a></li> -->
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">API Guide <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/requests">Requests</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/responses">Responses</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/views">Views</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/generic-views">Generic views</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/parsers">Parsers</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/renderers">Renderers</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/serializers">Serializers</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/fields">Serializer fields</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/authentication">Authentication</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/permissions">Permissions</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/throttling">Throttling</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/pagination">Pagination</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/content-negotiation">Content negotiation</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/format-suffixes">Format suffixes</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/reverse">Returning URLs</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/exceptions">Exceptions</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/status-codes">Status codes</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/api-guide/settings">Settings</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Topics <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/csrf">Working with AJAX and CSRF</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/browser-enhancements">Browser enhancements</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/browsable-api">The Browsable API</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/rest-hypermedia-hateoas">REST, Hypermedia &amp; HATEOAS</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/contributing">Contributing to REST framework</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/migration">2.0 Migration Guide</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/release-notes">Release Notes</a></li>
<li><a href="http://tomchristie.github.com/django-rest-framework/topics/credits">Credits</a></li>
</ul>
</li>
</ul>
<ul class="nav pull-right">
<!-- TODO
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Version: 2.0.0 <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="#">Trunk</a></li>
<li><a href="#">2.0.0</a></li>
</ul>
</li>
-->
</ul>
</div> <!-- /.nav-collapse -->
</div>
</div>
</div>
<div class="body-content">
<div class="container-fluid">
<div class="row-fluid">
<div class="span3">
<!-- TODO
<p style="margin-top: -12px">
<a class="btn btn-mini btn-primary" style="width: 60px">« previous</a>
<a class="btn btn-mini btn-primary" style="float: right; margin-right: 8px; width: 60px;">next »</a>
</p>
-->
<div id="table-of-contents">
<ul class="nav nav-list side-nav well sidebar-nav-fixed">
<li class="main"><a href="#working-with-ajax-and-csrf">Working with AJAX and CSRF</a></li>
</ul>
</div>
</div>
<div id="main-content" class="span9">
<h1 id="working-with-ajax-and-csrf">Working with AJAX and CSRF</h1>
<blockquote>
<p>"Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one."</p>
<p>— <a href="http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html">Jeff Atwood</a></p>
</blockquote>
<ul>
<li>Explain the need to add a CSRF token to AJAX requests.</li>
<li>Explain the deferred CSRF style used by REST framework.</li>
<li>Why you should use Django's standard login/logout views, and not a REST framework view.</li>
</ul>
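<p>As an added example that is not part of the REST framework docs, the JavaScript below illustrates the first point above: read Django's <code>csrftoken</code> cookie and attach it as an <code>X-CSRFToken</code> header only on state-changing requests. It assumes Django's default cookie and header names; <code>getCookie</code>, <code>csrfSafeMethod</code> and <code>csrfHeaders</code> are hypothetical helper names chosen here.</p>

```javascript
// Added example, not code from the REST framework docs. Assumes Django's default
// CSRF cookie name ("csrftoken") and header name ("X-CSRFToken"); both can be
// changed in Django settings, in which case these constants must follow.
const CSRF_COOKIE_NAME = "csrftoken";
const CSRF_HEADER_NAME = "X-CSRFToken";

// Methods Django's CsrfViewMiddleware does not check; every other method must
// carry the token or the request is rejected with 403.
const CSRF_SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Return the value of the named cookie from a "k=v; k2=v2" cookie string, or
// null when absent. The string is a parameter (rather than document.cookie)
// so the logic can run and be tested outside a browser.
function getCookie(name, cookieString) {
  if (!cookieString) return null;
  for (const part of cookieString.split(";")) {
    const cookie = part.trim();
    if (cookie.startsWith(name + "=")) {
      return decodeURIComponent(cookie.slice(name.length + 1));
    }
  }
  return null;
}

function csrfSafeMethod(method) {
  return CSRF_SAFE_METHODS.has(String(method).toUpperCase());
}

// Build request headers: add the token only for unsafe methods, and fail
// loudly when the cookie is missing instead of sending a request the server
// will refuse anyway.
function csrfHeaders(method, cookieString, extraHeaders = {}) {
  const headers = { ...extraHeaders };
  if (csrfSafeMethod(method)) return headers;
  const token = getCookie(CSRF_COOKIE_NAME, cookieString);
  if (token === null) {
    throw new Error(CSRF_COOKIE_NAME + " cookie missing; request would get a 403");
  }
  headers[CSRF_HEADER_NAME] = token;
  return headers;
}

// Browser wiring with jQuery (the library this page already loads), e.g.:
//   $.ajaxSetup({ beforeSend: function (xhr, settings) {
//     if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
//       xhr.setRequestHeader(CSRF_HEADER_NAME, getCookie(CSRF_COOKIE_NAME, document.cookie));
//     }
//   }});
```

<p>The <code>!this.crossDomain</code> check in the jQuery wiring keeps the token from being sent to other origins.</p>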
</div> <!-- /span -->
</div> <!-- /row -->
</div> <!-- /.fluid-container -->
</div> <!-- /.body content -->
<div id="push"></div>
</div> <!-- /.wrapper -->
<footer class="span12">
<p>Sponsored by <a href="http://dabapps.com/">DabApps</a>.</p>
</footer>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://tomchristie.github.com/django-rest-framework/js/jquery-1.8.1-min.js"></script>
<script src="http://tomchristie.github.com/django-rest-framework/js/prettify-1.0.js"></script>
<script src="http://tomchristie.github.com/django-rest-framework/js/bootstrap-2.1.1-min.js"></script>
<script>
//$('.side-nav').scrollspy()
var shiftWindow = function() { scrollBy(0, -50) };
if (location.hash) shiftWindow();
window.addEventListener("hashchange", shiftWindow);

$('.dropdown-menu').on('click touchstart', function(event) {
event.stopPropagation();
});
</script>
</body></html>