Book Image

Learn Web Development with Python

By : Fabrizio Romano, Gaston C. Hillar, Arun Ravindran
Book Image

Learn Web Development with Python

By: Fabrizio Romano, Gaston C. Hillar, Arun Ravindran

Overview of this book

If you want to develop complete Python web apps with Django, this Learning Path is for you. It will walk you through Python programming techniques and guide you in implementing them when creating 4 professional Django projects, teaching you how to solve common problems and develop RESTful web services with Django and Python. You will learn how to build a blog application, a social image bookmarking website, an online shop, and an e-learning platform. Learn Web Development with Python will get you started with Python programming techniques, show you how to enhance your applications with AJAX, create RESTful APIs, and set up a production environment for your Django projects. Last but not least, you’ll learn the best practices for creating real-world applications. By the end of this Learning Path, you will have a full understanding of how Django works and how to use it to build web applications from scratch. This Learning Path includes content from the following Packt products: • Learn Python Programming by Fabrizio Romano • Django RESTful Web Services by Gastón C. Hillar • Django Design Patterns and Best Practices by Arun Ravindran
Table of Contents (33 chapters)
Title Page
About Packt

Understanding CSRF

You must have noticed something called a cross-site request forgery (CSRF) token in the form templates. What does it do? It is a security mechanism against CSRF attacks for your forms.

It works by injecting a server-generated random string called a CSRF token, unique to a user's session. Every time a form is submitted, it must have a hidden field that contains this token. This token ensures that the form was generated for the user by the original site, and proves that it is not a fake form created by an attacker with similar fields.

CSRF tokens are not recommended for forms using the GET method because the GET actions should not change the server state. Moreover, forms submitted via GET would expose the CSRF token in the URLs. Since URLs have a higher risk of being logged or shoulder-sniffed, it is better to use CSRF in forms using the POST method.