GET 查询中的 Django csrf_token
Django csrf_token in GET query
是否需要在GET查询中添加{% csrf_token %}?
如果我在GET中添加它,link开始保留csrf_token?csrfmiddlewaretoken=
来自django docs:
The first defense against CSRF attacks is to ensure that GET requests (and other ‘safe’ methods, as defined by 9.1.1 Safe Methods, HTTP 1.1, RFC 2616#section-9.1.1) are side-effect free. Requests via ‘unsafe’ methods, such as POST, PUT and DELETE, can then be protected by following the steps below.
因此,如果您的 GET 请求没有任何副作用,则您不需要包含 CSRF 令牌。
是否需要在GET查询中添加{% csrf_token %}?
如果我在GET中添加它,link开始保留csrf_token?csrfmiddlewaretoken=
来自django docs:
The first defense against CSRF attacks is to ensure that GET requests (and other ‘safe’ methods, as defined by 9.1.1 Safe Methods, HTTP 1.1, RFC 2616#section-9.1.1) are side-effect free. Requests via ‘unsafe’ methods, such as POST, PUT and DELETE, can then be protected by following the steps below.
因此,如果您的 GET 请求没有任何副作用,则您不需要包含 CSRF 令牌。