
CSRF protection mechanism in Django - Practice Problems & Coding Challenges

Component behavior (intermediate)
What happens when a Django view lacks CSRF token validation?
Consider a Django view that processes POST requests but does not include CSRF token validation. What is the expected behavior when a POST request is made without a valid CSRF token?
Django
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse

@csrf_exempt
def my_view(request):
    if request.method == 'POST':
        return HttpResponse('POST received')
    return HttpResponse('Hello')
A. The POST request is processed normally without any CSRF error.
B. Django raises a 403 Forbidden error due to missing CSRF token.
C. The server crashes with a server error (500).
D. The POST request is redirected to the login page.
Hint: Think about what the @csrf_exempt decorator does.

Syntax (intermediate)
Which template code correctly includes the CSRF token in a Django form?
You want to protect a form in a Django template from CSRF attacks. Which of the following template snippets correctly includes the CSRF token?
Django
<form method="post">
  <!-- CSRF token goes here -->
  <input type="text" name="username">
  <button type="submit">Submit</button>
</form>
A. {% csrf_token %}{{ csrf_token }}
B. {{ csrf_token }}
C. {% csrf_token %}
D. <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
Hint: Django uses a special template tag to insert the CSRF token.

Debug (advanced)
Why does this Django view raise a CSRF verification failed error?
Examine the following Django view and template. The POST request raises a CSRF verification failed error. What is the cause?
Django
views.py:
from django.shortcuts import render
from django.views.decorators.csrf import csrf_protect

@csrf_protect
def submit_view(request):
    if request.method == 'POST':
        return render(request, 'success.html')
    return render(request, 'form.html')

form.html:
<form method="post">
  <input type="text" name="data">
  <button type="submit">Send</button>
</form>
A. The CSRF middleware is disabled in settings.py.
B. The view should use @csrf_exempt instead of @csrf_protect.
C. The form method should be GET instead of POST.
D. The template is missing the {% csrf_token %} tag inside the form.
Hint: Check the form template for CSRF token inclusion.

Conceptual (advanced)
How does Django's CSRF protection mechanism verify POST requests?
Which of the following best describes how Django verifies that a POST request is safe from CSRF attacks?
A. It compares the CSRF token in the POST data with a token stored in a cookie sent to the client.
B. It verifies that the request comes from the same IP address as the server.
C. It requires the user to enter a CAPTCHA on every POST request.
D. It checks that the CSRF token in the POST data matches the token stored in the user's session cookie.
Hint: Think about where Django stores the CSRF token on the client side.

State output (expert)
What is the value of the CSRF cookie after a GET request to a Django view with CSRF protection enabled?
A user visits a Django view protected by CSRF middleware with a GET request. What will be the state of the CSRF cookie in the browser after this request?
Django
from django.shortcuts import render

def my_view(request):
    return render(request, 'page.html')
A. The CSRF cookie is deleted by the server.
B. The CSRF cookie is set with a new token value if it was not already present.
C. The CSRF cookie remains unchanged or is not set if it was missing.
D. The CSRF cookie is set to an empty string.
Hint: Django sets the CSRF cookie on safe methods if missing.