CSRF protection stops malicious websites from tricking your browser into doing things you did not intend. It keeps your actions on a site your own.
CSRF protection mechanism in Django
Introduction
CSRF protection matters in situations such as these:
When you have forms that change data on your website, such as login or signup forms.
When users submit information that must stay secure, such as passwords or payments.
When you want to make sure only your own website can send requests to your server.
When you want to protect your users from attacks that use their logged-in session without permission.
Syntax
Django
In Django templates, put {% csrf_token %} inside your <form> tags.
In views, Django's middleware automatically checks the CSRF token on POST requests. The {% csrf_token %} tag adds a hidden input containing a secret token to your form.
Django's CSRF middleware checks this token on form submission to confirm the request came from your own site and not from a third-party page.
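To make concrete what the middleware compares, here is an added example (not part of the original page and not Django's own module) that re-implements the mask-and-unmask token scheme Django's CsrfViewMiddleware uses in plain Python; the names new_secret, mask_secret, unmask_token and check_csrf are my own.

```python
import hmac
import secrets
import string

# Same alphabet and lengths as Django's scheme; re-implemented here for illustration,
# the real code lives in django.middleware.csrf.
CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH


def new_secret():
    """Per-session secret; Django stores this in the csrftoken cookie."""
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret):
    """What {% csrf_token %} renders: a fresh random mask followed by the secret
    shifted by that mask, so every rendered form carries a different-looking token."""
    mask = new_secret()
    n = len(CSRF_ALLOWED_CHARS)
    cipher = "".join(
        CSRF_ALLOWED_CHARS[(CSRF_ALLOWED_CHARS.index(s) + CSRF_ALLOWED_CHARS.index(m)) % n]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token):
    """Reverse mask_secret: split off the mask and shift each character back.
    A negative index wraps around the alphabet, which is exactly modular subtraction."""
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    return "".join(
        CSRF_ALLOWED_CHARS[CSRF_ALLOWED_CHARS.index(c) - CSRF_ALLOWED_CHARS.index(m)]
        for c, m in zip(cipher, mask)
    )


def check_csrf(cookie_secret, form_token):
    """The middleware's decision for a POST: the hidden field must unmask to the
    secret held in the cookie. A third-party page cannot build such a field because
    the browser never lets it read this site's cookie. Comparison is constant-time."""
    if form_token is None or len(form_token) != CSRF_TOKEN_LENGTH:
        return False
    if any(c not in CSRF_ALLOWED_CHARS for c in form_token):
        return False
    return hmac.compare_digest(unmask_token(form_token), cookie_secret)
```

Two tokens rendered from the same secret look unrelated yet both pass, while a missing, truncated or foreign-session token fails.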
Examples
This form includes the CSRF token to protect the POST request.
Django
<form method="post">
  {% csrf_token %}
  <input type="text" name="name">
  <button type="submit">Send</button>
</form>
You can disable CSRF protection for specific views with the @csrf_exempt decorator, but use it carefully.
Django
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt
def my_view(request):
    # The middleware skips the CSRF token check for this view only.
    return HttpResponse("CSRF check skipped for this view")
Sample Program
This Django view shows a form with CSRF protection. When you submit your name, it greets you.
Django
from django.shortcuts import render
from django.http import HttpResponse


# View that shows the form and greets the user on submission.
def my_form(request):
    if request.method == 'POST':
        # The CSRF middleware has already validated the token before this runs.
        name = request.POST.get('name', '')
        return HttpResponse(f"Hello, {name}!")
    # render() passes the request so {% csrf_token %} can emit the token.
    return render(request, 'form.html')


# form.html content:
# <form method="post">
#   {% csrf_token %}
#   <input type="text" name="name" placeholder="Enter your name">
#   <button type="submit">Submit</button>
# </form>
Important Notes
Always include {% csrf_token %} in your POST forms; otherwise the middleware rejects the submission.
CSRF protection works automatically if you use Django's middleware and template tags.
Disabling CSRF protection can make your site vulnerable, so only do it if you understand the risks.
Summary
CSRF protection keeps your site safe from unwanted actions by other sites.
Use {% csrf_token %} in forms to add a secret token.
Django checks this token automatically and allows only requests that carry a valid one.