Mar 042017

Django logo

If you’ve created any forms at all using the Django web framework¬†then you should already be familiar with Django’s CSRF middleware and the protection it provides web site’s against cross site forgery request attacks. When the middleware is active, and unless the view has this protection overridden, any form POSTed will be expected to contain a hidden field named csrfmiddlewaretoken the value of which is expected to match a similarly named field in a CSRF cookie attached to the user. Because this value is specific to a user and constantly changing as well, testing the output of webpages with forms against what is expected is difficult. What follows is the solution I am using in Django 1.10.

Continue reading »