How to use Cross Site Request Forgery protection correctly?

I’ve only started getting into web programming with Django recently. To make my website more secure, I used csrf_token when sending POST requests, following what I saw in
https://docs.djangoproject.com/en/3.1/ref/csrf/.
However, as I included
<script src="https://cdn.jsdelivr.net/npm/js-cookie@rc/dist/js.cookie.min.js"></script>
in my HTTP file from the JavaScript Cookie Library, I can get the csrf_token directly from my browser in Inspect > Console. I am not sure if I did this correctly or not, please give me some pointers.

43 thoughts on “How to use Cross Site Request Forgery protection correctly?”

  1. In Django you need to include {% csrf_token %} inside your form tag in your template, as Django already includes everything necessary for CSRF. No need to use JavaScript.

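For the case the question actually asks about (a POST sent from JavaScript rather than from a plain HTML form), the Django docs' pattern is to read the csrftoken cookie and send it back in the X-CSRFToken header. Being able to read that token from your own page's console is expected: the cookie is deliberately not HttpOnly so your scripts can read it, and the protection comes from the fact that a page on another origin can neither read the cookie nor add that custom header to a cross-site request without a CORS preflight. The following is an added example, not code from the question, the comment, or Django itself; it assumes Django's default cookie name (csrftoken) and header name (X-CSRFToken), and takes the cookie string and fetch implementation as parameters so it can be exercised outside a browser.

```javascript
// Added example: attach Django's CSRF token to a same-origin fetch() POST.
// Assumes Django's default CSRF_COOKIE_NAME ("csrftoken") and the default
// request header name ("X-CSRFToken"). The cookie string and fetch function are
// injectable so the logic can be checked without a browser.

// Parse one cookie value out of a "document.cookie"-style string.
// Returns null when the cookie is absent.
function getCookie(name, cookieString) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    // Match "name=" at the start of the pair so that "xcsrftoken=..." does not
    // satisfy a lookup for "csrftoken".
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Build the fetch() init object for a POST that CsrfViewMiddleware will accept:
// the token travels in the X-CSRFToken header, and credentials: 'same-origin'
// makes the browser send the session and csrftoken cookies with the request.
function buildCsrfPost(cookieString, bodyObject) {
  const token = getCookie('csrftoken', cookieString);
  if (token === null) {
    // Without the cookie the server will reject the request with 403, so fail
    // early and loudly instead of sending a request that cannot succeed.
    throw new Error(
      'csrftoken cookie missing: the page must be rendered by a view that sets it ' +
      '(e.g. a template using {% csrf_token %} or a view decorated with ensure_csrf_cookie)'
    );
  }
  return {
    method: 'POST',
    credentials: 'same-origin',
    headers: {
      'Content-Type': 'application/json',
      'X-CSRFToken': token,
    },
    body: JSON.stringify(bodyObject),
  };
}

// Send the POST. In a page you would call postWithCsrf('/api/items/', {...})
// and let the defaults pick up document.cookie and window.fetch; the optional
// parameters exist so the function can be driven from a test harness.
function postWithCsrf(url, bodyObject, cookieString, fetchImpl) {
  const doFetch = fetchImpl || globalThis.fetch;
  const cookies = cookieString !== undefined ? cookieString : globalThis.document.cookie;
  return doFetch(url, buildCsrfPost(cookies, bodyObject));
}
```

If you enable CSRF_COOKIE_HTTPONLY, this cookie-reading approach stops working; in that configuration you instead render the token into the page with {% csrf_token %} (or a data attribute) and read it from the DOM, as the Django CSRF reference describes.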