Django Academy · Lesson

CSRF Protection and the POST Flow

Handle the GET/POST submit cycle securely.

What CSRF Is

Cross-site request forgery (CSRF) tricks a logged-in user's browser into submitting a hidden request that the user never intended. Django blocks it so attackers cannot act on a user's behalf. 🔒

Protection Is On

Django enables CsrfViewMiddleware by default, so every POST that arrives without a valid CSRF token is rejected until you add the right token to the form.
