How to exempt CSRF Protection on direct_to_template

django csrf
sharjeel picture sharjeel · Jul 23, 2012 · Viewed 51.4k times · Source

I have a flow in my django application in which I redirect the user to another service (e.g. PayPal) which after some its own processing, returns the user back on my own server. The returning point on my server is a simple HTML success page which I render using direct_to_template.

For some odd reasons, the other server sends a POST request and hence the user sees a CSRF token missing error as the other server doesn't send back any CSRF token.

How do I exempt a direct_to_template view from CSRF tokens?

Answer

Alasdair picture Alasdair · Jul 23, 2012

You can use the csrf_exempt decorator to disable CSRF protection for a particular view.

Say your url pattern is:

('^my_page/$', direct_to_template, {'template': 'my_page.html'})

Add the following import to your urls.py:

from django.views.decorators.csrf import csrf_exempt

Then change the url pattern to:

('^my_page/$', csrf_exempt(direct_to_template), {'template': 'my_page.html'})

Related questions

Django CSRF check failing with an Ajax POST request

I could use some help complying with Django's CSRF protection mechanism via my AJAX post. I've followed the directions here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ I've copied the AJAX sample code they have on that page …

Read More
CSRF verification failed. Request aborted

I try to build a very simple website where one can add data into sqlite3 database. I have a POST form with two text input. index.html: {% if top_list %} <ul> <b><pre>Name …

Read More
Django Rest Framework remove csrf

I know that there are answers regarding Django Rest Framework, but I couldn't find a solution to my problem. I have an application which has authentication and some functionality. I added a new app to it, which uses Django Rest …

Read More