How to use Cross Site Request Forgery protection correctly?

I’ve only started getting into web programming with Django recently. In order to make my website more secure, I used csrf_token when sending a POST request, following what I saw in
However, as I included
<script src=""></script>
in my HTTP file from the JavaScript Cookie Library, I can get the csrf_token directly from my browser in Inspect > Console. I am not sure if I did this correctly or not, please give me some pointers.

43 thoughts on “How to use Cross Site Request Forgery protection correctly?”

  1. In Django you need to include {%csrf_token%} inside your form tag in your template, as Django already included everything necessary for CSRF. No need to use JavaScript.
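
An added example (not part of the question or the comment above, and not Django's own code): a simplified standard-library model of the cookie-versus-form-field comparison that Django's CSRF middleware performs, showing why a token that is readable in your own browser console still blocks a request forged from another site. The names `csrftoken` and `csrfmiddlewaretoken` are Django's defaults; `issue_token`, `csrf_check` and `demo` are hypothetical helpers, and all values are constructed.

```python
import hmac
import secrets

# Methods that must not change state are not checked.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_token():
    """Random per-browser secret that the server sets as the csrftoken cookie."""
    return secrets.token_urlsafe(32)


def csrf_check(method, cookies, form):
    """Return (allowed, reason) for one request in this simplified model."""
    if method in SAFE_METHODS:
        return True, "safe method, no check"
    cookie_token = cookies.get("csrftoken")
    if not cookie_token:
        return False, "CSRF cookie not set"
    form_token = form.get("csrfmiddlewaretoken")
    if not form_token:
        return False, "CSRF token missing"
    # Constant-time comparison, so response timing does not leak the token.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False, "CSRF token incorrect"
    return True, "ok"


def demo():
    token = issue_token()
    cookies = {"csrftoken": token}  # stored in the user's own browser

    # 1. Form rendered by your template with {% csrf_token %}:
    #    the hidden field carries the same value as the cookie.
    own = csrf_check("POST", cookies, {"csrfmiddlewaretoken": token, "amount": "10"})

    # 2. Form submitted from a page on another origin: that page cannot read
    #    your site's cookie, so it has no valid value to put in the field.
    forged_missing = csrf_check("POST", cookies, {"amount": "10"})
    forged_guess = csrf_check(
        "POST", cookies, {"csrfmiddlewaretoken": issue_token(), "amount": "10"}
    )
    return own, forged_missing, forged_guess


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The token is a secret from other sites, not from the user whose browser holds it, so seeing it in the console of your own session is expected.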

