CSRF
****

Links
=====

- `Cross Site Request Forgery protection`_
- `How To Safely Store A Password`_
- https://bitbucket.org/dwaiter/django-bcrypt/src

Usage
=====

AJAX
----

- :doc:`csrf-ajax`

Disable
-------

::

  from django.http import HttpResponse
  from django.views.decorators.csrf import csrf_exempt

  # Exempt this one view from the checks done by CsrfViewMiddleware.
  @csrf_exempt
  def my_view(request):
      return HttpResponse('Hello world')

Sample
------

- Add the middleware:

  ::

    MIDDLEWARE_CLASSES = (
        'django.middleware.csrf.CsrfViewMiddleware',
        # ... your other middleware classes ...
    )

  ...to your list of middleware classes.
  It should come before ``CsrfResponseMiddleware`` if that is being used, and
  before any view middleware that assumes that CSRF attacks have been dealt
  with.

- In any template that uses a ``POST`` form, use the ``csrf_token`` tag inside the ``