Django

Django Security

CSRF protection, XSS prevention, SQL injection, clickjacking, HTTPS, security middleware, best practices

22 interview questions · Mid-Level
1

What is the main purpose of the CSRF token in Django?

Answer

The CSRF token protects against Cross-Site Request Forgery attacks, in which a malicious site causes the browser of an authenticated user to send requests on that user's behalf. Django generates a random token tied to the user's session (or CSRF cookie) and checks that the token submitted with each POST form matches it. Because an attacker's site cannot read or guess this random token, it cannot forge a request that passes the check.

2

How to include the CSRF token in a Django form?

Answer

The csrf_token template tag automatically renders a hidden input field containing the CSRF token. It must be placed inside the form tag of any form submitted with POST. CsrfViewMiddleware then verifies the token when the request arrives. Without this tag, the submission is rejected with a 403 Forbidden response.

3

Which decorator allows exempting a view from CSRF verification?

Answer

The csrf_exempt decorator disables CSRF protection for a specific view. It is useful for external API endpoints that cannot supply a CSRF token. Its use should be kept to a minimum, however, because an exempted view is exposed to CSRF attacks. For APIs, token-based authentication is the preferred alternative.

4

How does Django automatically protect against XSS attacks in templates?

5

Which template filter allows displaying unescaped HTML content in Django?
