Skip to main content

How to pass through CSRF protection for Python-Django application using Curl

Django's CSRF Middleware is used to protect users from cross site request forgeries. When making an http request it must contain X-CSRF-Token header provided by Django web framework. Web browsers do this automatically by making a custom request firstly and get the token. Then use this token to pass CSRF protection.

I just want to show how to simulate the same behavior by using curl command.

Note that the http://<your-domain>/<your-url-path> is not a LoginRequired url.

When the first curl command run, the response is saved into /tmp/cookie.txt and the contents look like:

# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk. FALSE / TRUE 1642434093 csrftoken A123b2O9LPLFcGe7zODhTNpEKKYKYp987B7u3E0t1FDDDWTGYbXHu83dEek6P3cN

X-CSRF-Token can be extracted from this file, then we run the second curl command for the actual request.


Popular posts from this blog

Creating Multiple VLANs over Bonding Interfaces with Proper Routing on a Centos Linux Host

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are,, respectively. Proper communication with other servers on the network we should use routing tables. There are three

Sending Jboss Server Logs to Logstash Using Filebeat with Multiline Support

In addition to sending system logs to logstash, it is possible to add a prospector section to the filebeat.yml for jboss server logs. Sometimes jboss server.log has single events made up from several lines of messages. In such cases Filebeat should be configured for a multiline prospector. Filebeat takes lines do not start with a date pattern (look at pattern in the multiline section "^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}" and negate section is set to true ) and combines them with the previous line that starts with a date pattern. server.log file excerpt where DatePattern: yyyy-MM-dd-HH and ConversionPattern: %d %-5p [%c] %m%n Logstash filter: