mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-14 05:36:50 +03:00
615 B
615 B
Working with AJAX and CSRF
"Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one."
- Explain need to add CSRF token to AJAX requests.
- Explain deferred CSRF style used by REST framework
- Why you should use Django's standard login/logout views, and not REST framework view