Django's CSRF middleware protects users from cross-site request forgery. An HTTP request must contain the X-CSRF-Token header provided by the Django web framework. Web browsers do this automatically: they first make a request to get the token, then use that token to pass CSRF protection.
I just want to show how to simulate the same behavior with the curl command.
Note that http://<your-domain>/<your-url-path> is not a LoginRequired URL.
When the first curl command runs, the cookies from the response are saved to /tmp/cookie.txt, and the contents look like:
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_www.yourdomain.com FALSE / TRUE 1642434093 csrftoken A123b2O9LPLFcGe7zODhTNpEKKYKYp987B7u3E0t1FDDDWTGYbXHu83dEek6P3cN
The X-CSRF-Token value can be extracted from this file; then we run the second curl command for the actual request.
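The two-request flow described above, as an added example that is not the original post's commands. The function names, the `CSRF_HEADER` variable and the sample cookie jar are constructed for illustration; the header defaults to `X-CSRFToken`, the name matching Django's default `CSRF_HEADER_NAME` setting, and the jar is a `mktemp` file rather than a fixed path in /tmp.

```sh
#!/bin/sh
# Added example: function names and the sample jar are constructed for illustration.

# Print the value of cookie $2 (default: csrftoken) from Netscape cookie jar $1 ("-" = stdin).
extract_csrftoken() {
    awk -F '\t' -v name="${2:-csrftoken}" '
        { sub(/^#HttpOnly_/, "") }     # HttpOnly cookies look like comments but are data
        /^#/ || NF != 7 { next }       # skip real comments, blank and malformed lines
        $6 == name { value = $7 }      # fields: domain flag path secure expiry name value
        END { if (value == "") exit 1; print value }
    ' "$1"
}

# GET $1 to receive the cookie, then POST form body $2 to the same URL with the token.
# CSRF_HEADER (assumed variable) overrides the header name if the project changed it.
# -e sends a Referer, which Django also checks on HTTPS requests.
csrf_post() {
    jar=$(mktemp) || return 1          # private temp file, not a predictable /tmp path
    curl -s -o /dev/null -c "$jar" "$1" &&
    token=$(extract_csrftoken "$jar") &&
    curl -s -b "$jar" -H "${CSRF_HEADER:-X-CSRFToken}: $token" -e "$1" -d "$2" "$1"
    rc=$?
    rm -f "$jar"                       # the jar holds a live token; do not leave it behind
    return "$rc"
}

# Constructed cookie jar in the layout curl -c writes (tab-separated fields).
sample_jar() {
    printf '# Netscape HTTP Cookie File\n\n'
    printf 'www.example.test\tFALSE\t/\tFALSE\t0\tlang\ten\n'
    printf '#HttpOnly_www.example.test\tFALSE\t/\tTRUE\t1642434093\tcsrftoken\tCONSTRUCTED-TOKEN-0123456789\n'
}

# Offline demo: parse the constructed jar.
sample_jar | extract_csrftoken -       # prints CONSTRUCTED-TOKEN-0123456789
```

Against a real site the call would be `csrf_post 'http://<your-domain>/<your-url-path>' 'field=value'`, where the form body is a placeholder.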