worm2d

Reputation: 159

Django csrf_token in GET query

Is it necessary to add {% csrf_token %} in GET queries?

If I add it in GET, the link starts to keep the csrf_token: ?csrfmiddlewaretoken=

Upvotes: 0

Views: 845

Answers (1)

ilse2005

Reputation: 11439

From the Django docs:

The first defense against CSRF attacks is to ensure that GET requests (and other ‘safe’ methods, as defined by 9.1.1 Safe Methods, HTTP 1.1, RFC 2616#section-9.1.1) are side-effect free. Requests via ‘unsafe’ methods, such as POST, PUT and DELETE, can then be protected by following the steps below.

So if your GET requests don't have any side effects, you don't need to include a CSRF Token.

Upvotes: 3
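
One way to check templates for the situation in the question, as an added example that is not part of the original answer or of Django: a standard-library script that flags GET forms containing `{% csrf_token %}` (the tag's hidden field ends up in the URL as `csrfmiddlewaretoken`) and, as an extra check, POST forms that lack it. The name `audit_template` and the sample template are constructed for illustration.

```python
import re

# One match per <form ...>...</form> block in a Django template.
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.IGNORECASE | re.DOTALL)
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*([A-Za-z]+)""", re.IGNORECASE)
TOKEN_RE = re.compile(r"{%\s*csrf_token\s*%}")

# Constructed sample template, not taken from the page.
SAMPLE = """\
<form method="get" action="/search/">
  {% csrf_token %}
  <input name="q">
</form>
<form method="post" action="/delete/">
  {% csrf_token %}
  <button>Delete</button>
</form>
<form action="/filter/">
  <input name="tag">
</form>
<form method="POST" action="/rename/">
  <input name="title">
</form>
"""


def audit_template(source):
    """Return (line, method, finding) for each form that misuses the tag."""
    findings = []
    for match in FORM_RE.finditer(source):
        attrs, body = match.group(1), match.group(2)
        method_attr = METHOD_RE.search(attrs)
        # An HTML form with no method attribute is submitted with GET.
        method = method_attr.group(1).upper() if method_attr else "GET"
        has_token = bool(TOKEN_RE.search(body))
        line = source.count("\n", 0, match.start()) + 1
        if method == "GET" and has_token:
            findings.append((line, method, "token is sent in the query string"))
        elif method == "POST" and not has_token:
            findings.append((line, method, "POST form without {% csrf_token %}"))
    return findings


if __name__ == "__main__":
    for line, method, finding in audit_template(SAMPLE):
        print(f"line {line}: {method} form: {finding}")
```
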
