Django - Security Best Practices
You want to allow a specific Django view to accept POST requests without CSRF token for an API endpoint. Which is the best way to do this safely?
You want to allow a specific Django view to accept POST requests without CSRF token for an API endpoint. Which is the best way to do this safely?
hard📝 Application Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Understand how to disable CSRF for one view
Using @csrf_exempt decorator disables CSRF checks only for that view.Step 2: Avoid global disabling
Removing middleware disables CSRF globally, which is unsafe.Step 3: Other options are not practical
Manually adding token or changing method is not suitable for API POST requests.Final Answer:
Add @csrf_exempt decorator to the view -> Option BQuick Check:
Use @csrf_exempt for selective CSRF disable [OK]
Quick Trick: Use @csrf_exempt to skip CSRF on one view [OK]
Common Mistakes:
MISTAKES- Removing middleware globally
- Trying to add token manually in headers
- Switching POST to GET incorrectly
Master "Security Best Practices" in Django
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Django Quizzes