csev/dj4e-samples

favs app | secure csrf_token option

LiorA1 opened this issue · 1 comments

In the favs app -
The views 'AddFavoriteView' and 'DeleteFavoriteView' use the 'csrf_exempt' decorator, because we want to allow non-secure access, but I found a way to use a csrf token for them.
As you can see here:
views.py: https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/views.py#L79
I solved it by adding 'csrf_token' in the 'list.html' template:
https://github.com/LiorA1/Django/blob/main/dj4e-samples/favs/templates/favs/list.html#L68

csev commented

Thanks. This is a great suggestion. I will be adding a new "up/down vote" sample code and will use this approach in that code right away. And then when I can re-record lectures I will move this into the favs code.
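
One way a page script can send the token once a view is no longer `csrf_exempt`, shown as an added example that is not the code from either repository linked in this thread. It assumes Django's default CSRF cookie name (`csrftoken`) and header name (`X-CSRFToken`), that the cookie is readable by script, and a hypothetical favorite URL and token value.

```javascript
// Added example, not code from dj4e-samples. Assumes Django's default
// CSRF cookie name ("csrftoken") and header name ("X-CSRFToken").

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Methods that Django's CsrfViewMiddleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build fetch() arguments for a favorite toggle. The token is attached only
// to unsafe methods on same-origin URLs, so it is never sent to another site.
function buildFavRequest(url, pageOrigin, cookieString, method = 'POST') {
  const target = new URL(url, pageOrigin);
  const headers = {};
  if (!csrfSafeMethod(method) && target.origin === pageOrigin) {
    const token = getCookie(cookieString, 'csrftoken');
    if (token === null) {
      // Django sets the cookie when the template renders {% csrf_token %}.
      throw new Error('csrftoken cookie missing; render {% csrf_token %} in the template');
    }
    headers['X-CSRFToken'] = token;
  }
  return { url: target.href, init: { method, headers, credentials: 'same-origin' } };
}

// Constructed sample values (hypothetical path, origin and token).
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=constructed-token-value';
const sample = buildFavRequest('/favs/thing/7/favorite', 'https://example.test', SAMPLE_COOKIES);
console.log(sample.url, sample.init.headers);
// In the browser: fetch(sample.url, sample.init), built from document.cookie
// and location.origin instead of the constructed values above.
```

With the header present, the `csrf_exempt` decorator can be dropped from the view and the middleware rejects POSTs that lack a valid token with a 403.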