[{"data":1,"prerenderedAt":9652},["ShallowReactive",2],{"navigation":3,"/security/cross-site-request-forgery":1016,"/security/cross-site-request-forgery-surround":9647},[4,54,89,123,165,211,253,331,389,439,462,488,514,540,578,624,650,672,702,736,774,800,850,856,862,868,874,928],{"title":5,"path":6,"stem":7,"children":8},"Introduction and Foundations","/introduction-and-foundations","01.introduction-and-foundations/01.index",[9,10,14,18,22,26,30,34,38,42,46,50],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"What is Django","/introduction-and-foundations/what-is-django","01.introduction-and-foundations/02.what-is-django",{"title":15,"path":16,"stem":17},"Key Concepts and Philosophy","/introduction-and-foundations/key-concepts-and-philosophy","01.introduction-and-foundations/03.key-concepts-and-philosophy",{"title":19,"path":20,"stem":21},"MVC vs MVT: Understanding Django's Architecture","/introduction-and-foundations/mvc-vs-mvt","01.introduction-and-foundations/04.mvc-vs-mvt",{"title":23,"path":24,"stem":25},"Project Structure Overview","/introduction-and-foundations/project-structure-overview","01.introduction-and-foundations/05.project-structure-overview",{"title":27,"path":28,"stem":29},"Installing Django","/introduction-and-foundations/installing-django","01.introduction-and-foundations/06.installing-django",{"title":31,"path":32,"stem":33},"Creating Your First Django Project","/introduction-and-foundations/creating-first-project","01.introduction-and-foundations/07.creating-first-project",{"title":35,"path":36,"stem":37},"Creating Your First Django App","/introduction-and-foundations/creating-first-app","01.introduction-and-foundations/08.creating-first-app",{"title":39,"path":40,"stem":41},"Your First Django \"Hello World\"","/introduction-and-foundations/hello-world","01.introduction-and-foundations/09.hello-world",{"title":43,"path":44,"stem":45},"Django Quick Start 
Guide","/introduction-and-foundations/quick-start-guide","01.introduction-and-foundations/10.quick-start-guide",{"title":47,"path":48,"stem":49},"How Django Handles Requests","/introduction-and-foundations/how-django-handles-requests","01.introduction-and-foundations/11.how-django-handles-requests",{"title":51,"path":52,"stem":53},"Django Settings","/introduction-and-foundations/django-settings","01.introduction-and-foundations/12.django-settings",{"title":55,"path":56,"stem":57,"children":58},"The Development Environment","/development-environment","02.development-environment/1.index",[59,61,65,69,73,77,81,85],{"title":60,"path":56,"stem":57},"Development Environment",{"title":62,"path":63,"stem":64},"Recommended Tooling for Django Development","/development-environment/recommended-tooling","02.development-environment/2.recommended-tooling",{"title":66,"path":67,"stem":68},"Virtual Environments","/development-environment/virtual-environments","02.development-environment/3.virtual-environments",{"title":70,"path":71,"stem":72},"Django Admin and Management Commands","/development-environment/admin-and-management-commands","02.development-environment/4.admin-and-management-commands",{"title":74,"path":75,"stem":76},"Django Project Settings","/development-environment/project-settings","02.development-environment/5.project-settings",{"title":78,"path":79,"stem":80},"Managing Django Environments: Local, Staging, and Production","/development-environment/environments-local-staging-production","02.development-environment/6.environments-local-staging-production",{"title":82,"path":83,"stem":84},"Running Django Development Server","/development-environment/running-development-server","02.development-environment/7.running-development-server",{"title":86,"path":87,"stem":88},"Working with Django Shell","/development-environment/working-with-shell","02.development-environment/8.working-with-shell",{"title":90,"path":91,"stem":92,"children":93},"Templates and Presentation 
Layer","/templates-and-presentation","03.templates-and-presentation/1.index",[94,95,99,103,107,111,115,119],{"title":90,"path":91,"stem":92},{"title":96,"path":97,"stem":98},"Introduction to Django Templates","/templates-and-presentation/introduction-to-templates","03.templates-and-presentation/2.introduction-to-templates",{"title":100,"path":101,"stem":102},"The Django Template Language","/templates-and-presentation/django-template-language","03.templates-and-presentation/3.django-template-language",{"title":104,"path":105,"stem":106},"Template Inheritance","/templates-and-presentation/template-inheritance","03.templates-and-presentation/4.template-inheritance",{"title":108,"path":109,"stem":110},"Built-in Template Tags and Filters","/templates-and-presentation/built-in-template-tags-and-filters","03.templates-and-presentation/5.built-in-template-tags-and-filters",{"title":112,"path":113,"stem":114},"Including Static Files","/templates-and-presentation/including-static-files","03.templates-and-presentation/6.including-static-files",{"title":116,"path":117,"stem":118},"Working with Media Files","/templates-and-presentation/working-with-media-files","03.templates-and-presentation/7.working-with-media-files",{"title":120,"path":121,"stem":122},"Using Alternative Template Engines","/templates-and-presentation/using-alternative-template-engines","03.templates-and-presentation/8.using-alternative-template-engines",{"title":124,"path":125,"stem":126,"children":127},"URLs and Views","/urls-and-views","04.urls-and-views/01.index",[128,129,133,137,141,145,149,153,157,161],{"title":124,"path":125,"stem":126},{"title":130,"path":131,"stem":132},"The URL Dispatcher","/urls-and-views/the-url-dispatcher","04.urls-and-views/02.the-url-dispatcher",{"title":134,"path":135,"stem":136},"Writing Function-Based Views","/urls-and-views/writing-function-based-views","04.urls-and-views/03.writing-function-based-views",{"title":138,"path":139,"stem":140},"View 
Decorators","/urls-and-views/view-decorators","04.urls-and-views/04.view-decorators",{"title":142,"path":143,"stem":144},"Rendering Responses","/urls-and-views/rendering-responses","04.urls-and-views/05.rendering-responses",{"title":146,"path":147,"stem":148},"Redirects","/urls-and-views/redirects","04.urls-and-views/06.redirects",{"title":150,"path":151,"stem":152},"Handling HTTP Methods","/urls-and-views/handling-http-methods","04.urls-and-views/07.handling-http-methods",{"title":154,"path":155,"stem":156},"Conditional View Processing","/urls-and-views/conditional-view-processing","04.urls-and-views/08.conditional-view-processing",{"title":158,"path":159,"stem":160},"File Uploads","/urls-and-views/file-uploads","04.urls-and-views/09.file-uploads",{"title":162,"path":163,"stem":164},"Using Django Shortcut Functions","/urls-and-views/using-django-shortcut-functions","04.urls-and-views/10.using-django-shortcut-functions",{"title":166,"path":167,"stem":168,"children":169},"Class Based Views","/class-based-views","05.class-based-views/01.index",[170,171,175,179,183,187,191,195,199,203,207],{"title":166,"path":167,"stem":168},{"title":172,"path":173,"stem":174},"Introduction to Class-Based Views","/class-based-views/introduction-to-class-based-views","05.class-based-views/02.introduction-to-class-based-views",{"title":176,"path":177,"stem":178},"Common Base Classes","/class-based-views/common-base-classes","05.class-based-views/03.common-base-classes",{"title":180,"path":181,"stem":182},"Built-in Generic Views","/class-based-views/built-in-generic-views","05.class-based-views/04.built-in-generic-views",{"title":184,"path":185,"stem":186},"Views for CRUD Operations","/class-based-views/views-for-crud-operations","05.class-based-views/05.views-for-crud-operations",{"title":188,"path":189,"stem":190},"Handling Forms with Class-Based 
Views","/class-based-views/handling-forms-with-class-based-views","05.class-based-views/06.handling-forms-with-class-based-views",{"title":192,"path":193,"stem":194},"Using Mixins","/class-based-views/using-mixins","05.class-based-views/07.using-mixins",{"title":196,"path":197,"stem":198},"URL Configuration with Class-Based Views","/class-based-views/url-configuration-with-class-based-views","05.class-based-views/08.url-configuration-with-class-based-views",{"title":200,"path":201,"stem":202},"Subclassing Generic Views","/class-based-views/subclassing-generic-views","05.class-based-views/09.subclassing-generic-views",{"title":204,"path":205,"stem":206},"Asynchronous Class-Based Views","/class-based-views/asynchronous-class-based-views","05.class-based-views/10.asynchronous-class-based-views",{"title":208,"path":209,"stem":210},"Pagination","/class-based-views/pagination","05.class-based-views/11.pagination",{"title":212,"path":213,"stem":214,"children":215},"Forms and User Input","/forms-and-user-input","06.forms-and-user-input/01.index",[216,217,221,225,229,233,237,241,245,249],{"title":212,"path":213,"stem":214},{"title":218,"path":219,"stem":220},"Understanding HTML Forms","/forms-and-user-input/understanding-html-forms","06.forms-and-user-input/02.understanding-html-forms",{"title":222,"path":223,"stem":224},"Django's Role in Form Handling","/forms-and-user-input/djangos-role-in-form-handling","06.forms-and-user-input/03.djangos-role-in-form-handling",{"title":226,"path":227,"stem":228},"Creating Forms with Forms API","/forms-and-user-input/creating-forms-with-forms-api","06.forms-and-user-input/04.creating-forms-with-forms-api",{"title":230,"path":231,"stem":232},"Form Validation","/forms-and-user-input/form-validation","06.forms-and-user-input/05.form-validation",{"title":234,"path":235,"stem":236},"Built-in Fields and 
Widgets","/forms-and-user-input/built-in-fields-and-widgets","06.forms-and-user-input/06.built-in-fields-and-widgets",{"title":238,"path":239,"stem":240},"Form Rendering in Templates","/forms-and-user-input/form-rendering-in-templates","06.forms-and-user-input/07.form-rendering-in-templates",{"title":242,"path":243,"stem":244},"Model Forms","/forms-and-user-input/model-forms","06.forms-and-user-input/08.model-forms",{"title":246,"path":247,"stem":248},"Advanced Form Techniques","/forms-and-user-input/advanced-form-techniques","06.forms-and-user-input/09.advanced-form-techniques",{"title":250,"path":251,"stem":252},"Security Considerations for Forms","/forms-and-user-input/security-considerations-for-forms","06.forms-and-user-input/10.security-considerations-for-forms",{"title":254,"path":255,"stem":256,"children":257},"Models and Databases","/models-and-databases","07.models-and-databases/01.index",[258,259,263,267,271,275,279,283,287,291,295,299,303,307,311,315,319,323,327],{"title":254,"path":255,"stem":256},{"title":260,"path":261,"stem":262},"Understanding Django Models","/models-and-databases/understanding-django-models","07.models-and-databases/02.understanding-django-models",{"title":264,"path":265,"stem":266},"Defining Fields","/models-and-databases/defining-fields","07.models-and-databases/03.defining-fields",{"title":268,"path":269,"stem":270},"Relationships and Foreign Keys","/models-and-databases/relationships-and-foreign-keys","07.models-and-databases/04.relationships-and-foreign-keys",{"title":272,"path":273,"stem":274},"Examples of Relationship Patterns","/models-and-databases/examples-of-relationship-patterns","07.models-and-databases/05.examples-of-relationship-patterns",{"title":276,"path":277,"stem":278},"Making Queries","/models-and-databases/making-queries","07.models-and-databases/06.making-queries",{"title":280,"path":281,"stem":282},"Filtering, Ordering, and 
Slicing","/models-and-databases/filtering-ordering-slicing","07.models-and-databases/07.filtering-ordering-slicing",{"title":284,"path":285,"stem":286},"Managers and QuerySets","/models-and-databases/managers-and-querysets","07.models-and-databases/08.managers-and-querysets",{"title":288,"path":289,"stem":290},"Aggregation","/models-and-databases/aggregation","07.models-and-databases/09.aggregation",{"title":292,"path":293,"stem":294},"Search","/models-and-databases/search","07.models-and-databases/10.search",{"title":296,"path":297,"stem":298},"Raw SQL Queries","/models-and-databases/raw-sql-queries","07.models-and-databases/11.raw-sql-queries",{"title":300,"path":301,"stem":302},"Transactions","/models-and-databases/transactions","07.models-and-databases/12.transactions",{"title":304,"path":305,"stem":306},"Multiple Databases","/models-and-databases/multiple-databases","07.models-and-databases/13.multiple-databases",{"title":308,"path":309,"stem":310},"Tablespaces","/models-and-databases/tablespaces","07.models-and-databases/14.tablespaces",{"title":312,"path":313,"stem":314},"Composite Primary Keys","/models-and-databases/composite-primary-keys","07.models-and-databases/15.composite-primary-keys",{"title":316,"path":317,"stem":318},"Database Instrumentation","/models-and-databases/database-instrumentation","07.models-and-databases/16.database-instrumentation",{"title":320,"path":321,"stem":322},"Database 
Optimization","/models-and-databases/database-optimization","07.models-and-databases/17.database-optimization",{"title":324,"path":325,"stem":326},"Fixtures","/models-and-databases/fixtures","07.models-and-databases/18.fixtures",{"title":328,"path":329,"stem":330},"Signals","/models-and-databases/signals","07.models-and-databases/19.signals",{"title":332,"path":333,"stem":334,"children":335},"Migrations","/migrations","08.migrations/01.index",[336,337,341,345,349,353,357,361,365,369,373,377,381,385],{"title":332,"path":333,"stem":334},{"title":338,"path":339,"stem":340},"How Migrations Work","/migrations/how-migrations-work","08.migrations/02.how-migrations-work",{"title":342,"path":343,"stem":344},"Management Commands","/migrations/management-commands","08.migrations/03.management-commands",{"title":346,"path":347,"stem":348},"Dependencies and Workflow","/migrations/dependencies-and-workflow","08.migrations/04.dependencies-and-workflow",{"title":350,"path":351,"stem":352},"Transaction Handling","/migrations/transaction-handling","08.migrations/05.transaction-handling",{"title":354,"path":355,"stem":356},"Adding Migrations to Apps","/migrations/adding-migrations-to-apps","08.migrations/06.adding-migrations-to-apps",{"title":358,"path":359,"stem":360},"Reversing Migrations","/migrations/reversing-migrations","08.migrations/07.reversing-migrations",{"title":362,"path":363,"stem":364},"Historical Models","/migrations/historical-models","08.migrations/08.historical-models",{"title":366,"path":367,"stem":368},"Considerations When Removing Fields","/migrations/considerations-when-removing-fields","08.migrations/09.considerations-when-removing-fields",{"title":370,"path":371,"stem":372},"Data Migrations","/migrations/data-migrations","08.migrations/10.data-migrations",{"title":374,"path":375,"stem":376},"Squashing Migrations","/migrations/squashing-migrations","08.migrations/11.squashing-migrations",{"title":378,"path":379,"stem":380},"Serializing 
Values","/migrations/serializing-values","08.migrations/12.serializing-values",{"title":382,"path":383,"stem":384},"Supporting Multiple Django Versions","/migrations/supporting-multiple-django-versions","08.migrations/13.supporting-multiple-django-versions",{"title":386,"path":387,"stem":388},"Django Serialization Framework","/migrations/django-serialization-framework","08.migrations/14.django-serialization-framework",{"title":390,"path":391,"stem":392,"children":393},"Authentication and Authorization","/authentication-and-authorization","09.authentication-and-authorization/01.index",[394,395,399,403,407,411,415,419,423,427,431,435],{"title":390,"path":391,"stem":392},{"title":396,"path":397,"stem":398},"Overview of Django's Authentication System","/authentication-and-authorization/overview-of-django-authentication-system","09.authentication-and-authorization/02.overview-of-django-authentication-system",{"title":400,"path":401,"stem":402},"Users and Groups","/authentication-and-authorization/users-and-groups","09.authentication-and-authorization/03.users-and-groups",{"title":404,"path":405,"stem":406},"Permissions","/authentication-and-authorization/permissions","09.authentication-and-authorization/04.permissions",{"title":408,"path":409,"stem":410},"Password Management","/authentication-and-authorization/password-management","09.authentication-and-authorization/05.password-management",{"title":412,"path":413,"stem":414},"Authentication Views","/authentication-and-authorization/authentication-views","09.authentication-and-authorization/06.authentication-views",{"title":416,"path":417,"stem":418},"Login and Logout","/authentication-and-authorization/login-and-logout","09.authentication-and-authorization/07.login-and-logout",{"title":420,"path":421,"stem":422},"Custom User Models","/authentication-and-authorization/custom-user-models","09.authentication-and-authorization/08.custom-user-models",{"title":424,"path":425,"stem":426},"Middleware for 
Authentication","/authentication-and-authorization/middleware-for-authentication","09.authentication-and-authorization/09.middleware-for-authentication",{"title":428,"path":429,"stem":430},"Authorization in Views and Templates","/authentication-and-authorization/authorization-in-views-and-templates","09.authentication-and-authorization/10.authorization-in-views-and-templates",{"title":432,"path":433,"stem":434},"Integrating Social Authentication","/authentication-and-authorization/integrating-social-authentication","09.authentication-and-authorization/11.integrating-social-authentication",{"title":436,"path":437,"stem":438},"Security Best Practices","/authentication-and-authorization/security-best-practices","09.authentication-and-authorization/12.security-best-practices",{"title":440,"path":441,"stem":442,"children":443},"Sessions, Cookies, and State","/sessions-cookies-state","10.sessions-cookies-state/01.index",[444,446,450,454,458],{"title":445,"path":441,"stem":442},"Sessions, Cookies, and State Management",{"title":447,"path":448,"stem":449},"Introduction to Sessions","/sessions-cookies-state/introduction-to-sessions","10.sessions-cookies-state/02.introduction-to-sessions",{"title":451,"path":452,"stem":453},"Working with Cookies","/sessions-cookies-state/working-with-cookies","10.sessions-cookies-state/03.working-with-cookies",{"title":455,"path":456,"stem":457},"Server-Side Session Storage Options","/sessions-cookies-state/server-side-session-storage-options","10.sessions-cookies-state/04.server-side-session-storage-options",{"title":459,"path":460,"stem":461},"Session Security","/sessions-cookies-state/session-security","10.sessions-cookies-state/05.session-security",{"title":463,"path":464,"stem":465,"children":466},"Working with Files","/working-with-files","11.working-with-files/01.index",[467,468,472,476,480,484],{"title":463,"path":464,"stem":465},{"title":469,"path":470,"stem":471},"Files in 
Models","/working-with-files/files-in-models","11.working-with-files/02.files-in-models",{"title":473,"path":474,"stem":475},"The File Object","/working-with-files/the-file-object","11.working-with-files/03.the-file-object",{"title":477,"path":478,"stem":479},"Storage Backends","/working-with-files/storage-backends","11.working-with-files/04.storage-backends",{"title":481,"path":482,"stem":483},"Using Cloud Storage Providers","/working-with-files/using-cloud-storage-providers","11.working-with-files/05.using-cloud-storage-providers",{"title":485,"path":486,"stem":487},"Managing Media in Production","/working-with-files/managing-media-in-production","11.working-with-files/06.managing-media-in-production",{"title":489,"path":490,"stem":491,"children":492},"Admin Site","/admin-site","12.admin-site/01.index",[493,494,498,502,506,510],{"title":489,"path":490,"stem":491},{"title":495,"path":496,"stem":497},"Enabling the Admin","/admin-site/enabling-the-admin","12.admin-site/02.enabling-the-admin",{"title":499,"path":500,"stem":501},"Registering Models","/admin-site/registering-models","12.admin-site/03.registering-models",{"title":503,"path":504,"stem":505},"Customizing Admin Display","/admin-site/customizing-admin-display","12.admin-site/04.customizing-admin-display",{"title":507,"path":508,"stem":509},"Admin Actions","/admin-site/admin-actions","12.admin-site/05.admin-actions",{"title":511,"path":512,"stem":513},"Admin Security Best Practices","/admin-site/admin-security-best-practices","12.admin-site/06.admin-security-best-practices",{"title":515,"path":516,"stem":517,"children":518},"Middleware","/middleware","13.middleware/01.index",[519,520,524,528,532,536],{"title":515,"path":516,"stem":517},{"title":521,"path":522,"stem":523},"Middleware Overview","/middleware/middleware-overview","13.middleware/02.middleware-overview",{"title":525,"path":526,"stem":527},"Built-in 
Middleware","/middleware/built-in-middleware","13.middleware/03.built-in-middleware",{"title":529,"path":530,"stem":531},"Creating Custom Middleware","/middleware/creating-custom-middleware","13.middleware/04.creating-custom-middleware",{"title":533,"path":534,"stem":535},"Middleware Ordering","/middleware/middleware-ordering","13.middleware/05.middleware-ordering",{"title":537,"path":538,"stem":539},"Performance and Debugging","/middleware/performance-and-debugging","13.middleware/06.performance-and-debugging",{"title":541,"path":542,"stem":543,"children":544},"Security","/security","14.security/01.index",[545,546,550,554,558,562,566,570,574],{"title":541,"path":542,"stem":543},{"title":547,"path":548,"stem":549},"Django Security Philosophy","/security/django-security-philosophy","14.security/02.django-security-philosophy",{"title":551,"path":552,"stem":553},"Cross Site Request Forgery","/security/cross-site-request-forgery","14.security/03.cross-site-request-forgery",{"title":555,"path":556,"stem":557},"Cross Site Scripting","/security/cross-site-scripting","14.security/04.cross-site-scripting",{"title":559,"path":560,"stem":561},"SQL Injection Protection","/security/sql-injection-protection","14.security/05.sql-injection-protection",{"title":563,"path":564,"stem":565},"Clickjacking Protection","/security/clickjacking-protection","14.security/06.clickjacking-protection",{"title":567,"path":568,"stem":569},"HTTPS Setup and HSTS","/security/https-setup-and-hsts","14.security/07.https-setup-and-hsts",{"title":571,"path":572,"stem":573},"Password Storage and Cryptography","/security/password-storage-and-cryptography","14.security/08.password-storage-and-cryptography",{"title":575,"path":576,"stem":577},"Secure Deployment 
Checklist","/security/secure-deployment-checklist","14.security/09.secure-deployment-checklist",{"title":579,"path":580,"stem":581,"children":582},"Testing","/testing","15.testing/01.index",[583,584,588,592,596,600,604,608,612,616,620],{"title":579,"path":580,"stem":581},{"title":585,"path":586,"stem":587},"Introduction to Django Testing","/testing/introduction-to-django-testing","15.testing/02.introduction-to-django-testing",{"title":589,"path":590,"stem":591},"Writing and Running Tests","/testing/writing-and-running-tests","15.testing/03.writing-and-running-tests",{"title":593,"path":594,"stem":595},"Test Tools","/testing/test-tools","15.testing/04.test-tools",{"title":597,"path":598,"stem":599},"Testing Models","/testing/testing-models","15.testing/05.testing-models",{"title":601,"path":602,"stem":603},"Testing Views","/testing/testing-views","15.testing/06.testing-views",{"title":605,"path":606,"stem":607},"Testing Forms","/testing/testing-forms","15.testing/07.testing-forms",{"title":609,"path":610,"stem":611},"Testing Templates","/testing/testing-templates","15.testing/08.testing-templates",{"title":613,"path":614,"stem":615},"Testing Authentication","/testing/testing-authentication","15.testing/09.testing-authentication",{"title":617,"path":618,"stem":619},"Advanced Testing Topics","/testing/advanced-testing-topics","15.testing/10.advanced-testing-topics",{"title":621,"path":622,"stem":623},"Performance Testing","/testing/performance-testing","15.testing/11.performance-testing",{"title":625,"path":626,"stem":627,"children":628},"Static Assets and Frontend Integration","/static-assets-and-frontend-integration","16.static-assets-and-frontend-integration/01.index",[629,630,634,638,642,646],{"title":625,"path":626,"stem":627},{"title":631,"path":632,"stem":633},"Working with Static 
Files","/static-assets-and-frontend-integration/working-with-static-files","16.static-assets-and-frontend-integration/02.working-with-static-files",{"title":635,"path":636,"stem":637},"Integrating CSS and JavaScript","/static-assets-and-frontend-integration/integrating-css-and-javascript","16.static-assets-and-frontend-integration/03.integrating-css-and-javascript",{"title":639,"path":640,"stem":641},"Using Build Tools like Vite or Webpack","/static-assets-and-frontend-integration/using-build-tools-like-vite-or-webpack","16.static-assets-and-frontend-integration/04.using-build-tools-like-vite-or-webpack",{"title":643,"path":644,"stem":645},"Using React or Vue with Django","/static-assets-and-frontend-integration/using-react-or-vue-with-django","16.static-assets-and-frontend-integration/05.using-react-or-vue-with-django",{"title":647,"path":648,"stem":649},"Managing CORS","/static-assets-and-frontend-integration/managing-cors","16.static-assets-and-frontend-integration/06.managing-cors",{"title":651,"path":652,"stem":653,"children":654},"Internationalization and Localization","/internationalization-and-localization","17.internationalization-and-localization/01.index",[655,656,660,664,668],{"title":651,"path":652,"stem":653},{"title":657,"path":658,"stem":659},"Enabling Translation","/internationalization-and-localization/enabling-translation","17.internationalization-and-localization/02.enabling-translation",{"title":661,"path":662,"stem":663},"Translating Text in Code and Templates","/internationalization-and-localization/translating-text-in-code-and-templates","17.internationalization-and-localization/03.translating-text-in-code-and-templates",{"title":665,"path":666,"stem":667},"Timezone Support","/internationalization-and-localization/timezone-support","17.internationalization-and-localization/04.timezone-support",{"title":669,"path":670,"stem":671},"Locale 
Middleware","/internationalization-and-localization/locale-middleware","17.internationalization-and-localization/05.locale-middleware",{"title":673,"path":674,"stem":675,"children":676},"Caching","/caching","18.caching/01.index",[677,678,682,686,690,694,698],{"title":673,"path":674,"stem":675},{"title":679,"path":680,"stem":681},"Introduction to Caching","/caching/introduction-to-caching","18.caching/02.introduction-to-caching",{"title":683,"path":684,"stem":685},"Cache Backends","/caching/cache-backends","18.caching/03.cache-backends",{"title":687,"path":688,"stem":689},"Per View Caching","/caching/per-view-caching","18.caching/04.per-view-caching",{"title":691,"path":692,"stem":693},"Low Level Cache API","/caching/low-level-cache-api","18.caching/05.low-level-cache-api",{"title":695,"path":696,"stem":697},"Template Fragment Caching","/caching/template-fragment-caching","18.caching/06.template-fragment-caching",{"title":699,"path":700,"stem":701},"Deployment Level Caching Patterns","/caching/deployment-level-caching-patterns","18.caching/07.deployment-level-caching-patterns",{"title":703,"path":704,"stem":705,"children":706},"Asynchronous Django","/asynchronous-django","19.asynchronous-django/01.index",[707,708,712,716,720,724,728,732],{"title":703,"path":704,"stem":705},{"title":709,"path":710,"stem":711},"Introduction to ASGI","/asynchronous-django/introduction-to-asgi","19.asynchronous-django/02.introduction-to-asgi",{"title":713,"path":714,"stem":715},"Async Views","/asynchronous-django/async-views","19.asynchronous-django/03.async-views",{"title":717,"path":718,"stem":719},"Async ORM Status","/asynchronous-django/async-orm-status","19.asynchronous-django/04.async-orm-status",{"title":721,"path":722,"stem":723},"WebSockets with Channels","/asynchronous-django/websockets-with-channels","19.asynchronous-django/05.websockets-with-channels",{"title":725,"path":726,"stem":727},"Background Tasks with Celery or 
RQ","/asynchronous-django/background-tasks-with-celery-or-rq","19.asynchronous-django/06.background-tasks-with-celery-or-rq",{"title":729,"path":730,"stem":731},"Asynchronous Support","/asynchronous-django/asynchronous-support","19.asynchronous-django/07.asynchronous-support",{"title":733,"path":734,"stem":735},"Django's Tasks Framework","/asynchronous-django/django-tasks-framework","19.asynchronous-django/08.django-tasks-framework",{"title":737,"path":738,"stem":739,"children":740},"Deployment","/deployment","20.deployment/01.index",[741,742,746,750,754,758,762,766,770],{"title":737,"path":738,"stem":739},{"title":743,"path":744,"stem":745},"Preparing for Production","/deployment/preparing-for-production","20.deployment/02.preparing-for-production",{"title":747,"path":748,"stem":749},"Using WSGI and ASGI Servers","/deployment/using-wsgi-and-asgi-servers","20.deployment/03.using-wsgi-and-asgi-servers",{"title":751,"path":752,"stem":753},"Deploying on Linux Servers","/deployment/deploying-on-linux-servers","20.deployment/04.deploying-on-linux-servers",{"title":755,"path":756,"stem":757},"Using Docker","/deployment/using-docker","20.deployment/05.using-docker",{"title":759,"path":760,"stem":761},"Cloud Deployment Guides","/deployment/cloud-deployment-guides","20.deployment/06.cloud-deployment-guides",{"title":763,"path":764,"stem":765},"Scaling and Load Balancing","/deployment/scaling-and-load-balancing","20.deployment/07.scaling-and-load-balancing",{"title":767,"path":768,"stem":769},"Monitoring and Logging","/deployment/monitoring-and-logging","20.deployment/08.monitoring-and-logging",{"title":771,"path":772,"stem":773},"Backup Strategies","/deployment/backup-strategies","20.deployment/09.backup-strategies",{"title":775,"path":776,"stem":777,"children":778},"Performance and Optimization","/performance-and-optimization","21.performance-and-optimization/01.index",[779,780,784,788,792,796],{"title":775,"path":776,"stem":777},{"title":781,"path":782,"stem":783},"Query 
Optimization","/performance-and-optimization/query-optimization","21.performance-and-optimization/02.query-optimization",{"title":785,"path":786,"stem":787},"Template Rendering Optimization","/performance-and-optimization/template-rendering-optimization","21.performance-and-optimization/03.template-rendering-optimization",{"title":789,"path":790,"stem":791},"Using Select Related and Prefetch Related","/performance-and-optimization/using-select-related-and-prefetch-related","21.performance-and-optimization/04.using-select-related-and-prefetch-related",{"title":793,"path":794,"stem":795},"Caching Strategies","/performance-and-optimization/caching-strategies","21.performance-and-optimization/05.caching-strategies",{"title":797,"path":798,"stem":799},"Profiling Django Apps","/performance-and-optimization/profiling-django-apps","21.performance-and-optimization/06.profiling-django-apps",{"title":801,"path":802,"stem":803,"children":804},"Advanced and Expert Topics","/advanced-and-expert-topics","22.advanced-and-expert-topics/01.index",[805,806,810,814,818,822,826,830,834,838,842,846],{"title":801,"path":802,"stem":803},{"title":807,"path":808,"stem":809},"System Architecture Patterns","/advanced-and-expert-topics/system-architecture-patterns","22.advanced-and-expert-topics/02.system-architecture-patterns",{"title":811,"path":812,"stem":813},"Domain Driven Design with Django","/advanced-and-expert-topics/domain-driven-design-with-django","22.advanced-and-expert-topics/03.domain-driven-design-with-django",{"title":815,"path":816,"stem":817},"Building Large Scale Django Projects","/advanced-and-expert-topics/building-large-scale-django-projects","22.advanced-and-expert-topics/04.building-large-scale-django-projects",{"title":819,"path":820,"stem":821},"Plugin Architectures for Django Apps","/advanced-and-expert-topics/plugin-architectures-for-django-apps","22.advanced-and-expert-topics/05.plugin-architectures-for-django-apps",{"title":823,"path":824,"stem":825},"Extending 
Django's Core","/advanced-and-expert-topics/extending-djangos-core","22.advanced-and-expert-topics/06.extending-djangos-core",{"title":827,"path":828,"stem":829},"Custom ORM Expressions","/advanced-and-expert-topics/custom-orm-expressions","22.advanced-and-expert-topics/07.custom-orm-expressions",{"title":831,"path":832,"stem":833},"Custom Management Commands","/advanced-and-expert-topics/custom-management-commands","22.advanced-and-expert-topics/08.custom-management-commands",{"title":835,"path":836,"stem":837},"Working with Signals","/advanced-and-expert-topics/working-with-signals","22.advanced-and-expert-topics/09.working-with-signals",{"title":839,"path":840,"stem":841},"Building Reusable Django Packages","/advanced-and-expert-topics/building-reusable-django-packages","22.advanced-and-expert-topics/10.building-reusable-django-packages",{"title":843,"path":844,"stem":845},"Integrating Microservices","/advanced-and-expert-topics/integrating-microservices","22.advanced-and-expert-topics/11.integrating-microservices",{"title":847,"path":848,"stem":849},"Advanced Security Hardening","/advanced-and-expert-topics/advanced-security-hardening","22.advanced-and-expert-topics/12.advanced-security-hardening",{"title":851,"path":852,"stem":853,"children":854},"Logging in Django","/logging-in-django","23.logging-in-django/01.index",[855],{"title":851,"path":852,"stem":853},{"title":857,"path":858,"stem":859,"children":860},"FAQ and Troubleshooting","/faq-and-troubleshooting","24.faq-and-troubleshooting/01.index",[861],{"title":857,"path":858,"stem":859},{"title":863,"path":864,"stem":865,"children":866},"External Packages and Ecosystem","/external-packages-and-ecosystem","25.external-packages-and-ecosystem/01.index",[867],{"title":863,"path":864,"stem":865},{"title":869,"path":870,"stem":871,"children":872},"Django Internals and 
Contributing","/django-internals-and-contributing","26.django-internals-and-contributing/01.index",[873],{"title":869,"path":870,"stem":871},{"title":875,"path":876,"stem":877,"children":878},"Microservices with Django","/microservices-with-django","27.microservices-with-django/01.index",[879,880,884,888,892,896,900,904,908,912,916,920,924],{"title":875,"path":876,"stem":877},{"title":881,"path":882,"stem":883},"What Is a Microservice?","/microservices-with-django/what-is-a-microservice","27.microservices-with-django/02.what-is-a-microservice",{"title":885,"path":886,"stem":887},"Introducing the Django Microservices Architecture","/microservices-with-django/django-microservices-architecture","27.microservices-with-django/03.django-microservices-architecture",{"title":889,"path":890,"stem":891},"Setting Up the Development and Runtime Environment","/microservices-with-django/development-environment","27.microservices-with-django/04.development-environment",{"title":893,"path":894,"stem":895},"Cloud-native Data Processing with MongoDB","/microservices-with-django/cloud-native-data-processing","27.microservices-with-django/05.cloud-native-data-processing",{"title":897,"path":898,"stem":899},"Creating RESTful APIs for Microservices","/microservices-with-django/restful-apis","27.microservices-with-django/06.restful-apis",{"title":901,"path":902,"stem":903},"Orchestrating Microservices with Celery and RabbitMQ","/microservices-with-django/orchestrating-celery-rabbitmq","27.microservices-with-django/07.orchestrating-celery-rabbitmq",{"title":905,"path":906,"stem":907},"Testing Microservices","/microservices-with-django/testing-microservices","27.microservices-with-django/08.testing-microservices",{"title":909,"path":910,"stem":911},"Deploying Microservices","/microservices-with-django/deploying-microservices","27.microservices-with-django/09.deploying-microservices",{"title":913,"path":914,"stem":915},"Securing 
Microservices","/microservices-with-django/securing-microservices","27.microservices-with-django/10.securing-microservices",{"title":917,"path":918,"stem":919},"Improving Microservices Performance with Caching","/microservices-with-django/performance-caching","27.microservices-with-django/11.performance-caching",{"title":921,"path":922,"stem":923},"Best Practices","/microservices-with-django/best-practices","27.microservices-with-django/12.best-practices",{"title":925,"path":926,"stem":927},"Transforming a Monolithic Web App into a Microservice version","/microservices-with-django/monolith-to-microservices","27.microservices-with-django/13.monolith-to-microservices",{"title":929,"path":930,"stem":931,"children":932},"Releases","/releases","releases",[933,936,940,944,948,952,956,960,964,968,972,976,980,984,988,992,996,1000,1004,1008,1012],{"title":934,"path":930,"stem":935},"Django Releases","releases/index",{"title":937,"path":938,"stem":939},"Django 5.1.10 release notes","/releases/5.1.10","releases/5.1.10",{"title":941,"path":942,"stem":943},"Django 5.1.11 release notes","/releases/5.1.11","releases/5.1.11",{"title":945,"path":946,"stem":947},"Django 5.1.12 release notes","/releases/5.1.12","releases/5.1.12",{"title":949,"path":950,"stem":951},"Django 5.1.13 release notes","/releases/5.1.13","releases/5.1.13",{"title":953,"path":954,"stem":955},"Django 5.1.14 release notes","/releases/5.1.14","releases/5.1.14",{"title":957,"path":958,"stem":959},"Django 5.1.15 release notes","/releases/5.1.15","releases/5.1.15",{"title":961,"path":962,"stem":963},"Django 5.2 release notes","/releases/5.2","releases/5.2",{"title":965,"path":966,"stem":967},"Django 5.2.1 release notes","/releases/5.2.1","releases/5.2.1",{"title":969,"path":970,"stem":971},"Django 5.2.10 release notes","/releases/5.2.10","releases/5.2.10",{"title":973,"path":974,"stem":975},"Django 5.2.2 release notes","/releases/5.2.2","releases/5.2.2",{"title":977,"path":978,"stem":979},"Django 5.2.3 release 
notes","/releases/5.2.3","releases/5.2.3",{"title":981,"path":982,"stem":983},"Django 5.2.4 release notes","/releases/5.2.4","releases/5.2.4",{"title":985,"path":986,"stem":987},"Django 5.2.5 release notes","/releases/5.2.5","releases/5.2.5",{"title":989,"path":990,"stem":991},"Django 5.2.6 release notes","/releases/5.2.6","releases/5.2.6",{"title":993,"path":994,"stem":995},"Django 5.2.7 release notes","/releases/5.2.7","releases/5.2.7",{"title":997,"path":998,"stem":999},"Django 5.2.8 release notes","/releases/5.2.8","releases/5.2.8",{"title":1001,"path":1002,"stem":1003},"Django 5.2.9 release notes","/releases/5.2.9","releases/5.2.9",{"title":1005,"path":1006,"stem":1007},"Django 6.0 release notes","/releases/6.0","releases/6.0",{"title":1009,"path":1010,"stem":1011},"Django 6.0.1 release notes","/releases/6.0.1","releases/6.0.1",{"title":1013,"path":1014,"stem":1015},"Django 6.1 release notes - UNDER DEVELOPMENT","/releases/6.1","releases/6.1",{"id":1017,"title":551,"body":1018,"description":1028,"extension":9642,"links":9643,"meta":9644,"navigation":1699,"path":552,"seo":9645,"stem":553,"__hash__":9646},"docs/14.security/03.cross-site-request-forgery.md",{"type":1019,"value":1020,"toc":9611},"minimark",[1021,1025,1029,1034,1039,1460,1464,1731,1735,1739,1977,1981,2320,2324,3704,3708,3712,4842,4846,5123,5127,5131,5567,5571,5702,5706,6977,6981,6985,7619,7623,8455,8459,8463,9490,9493,9497,9600,9604,9607],[1022,1023,551],"h1",{"id":1024},"cross-site-request-forgery",[1026,1027,1028],"p",{},"Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. 
Django provides robust built-in CSRF protection that's enabled by default.",[1030,1031,1033],"h2",{"id":1032},"understanding-csrf-attacks","Understanding CSRF Attacks",[1035,1036,1038],"h3",{"id":1037},"how-csrf-works","How CSRF Works",[1040,1041,1046],"pre",{"className":1042,"code":1043,"language":1044,"meta":1045,"style":1045},"language-html shiki shiki-themes material-theme-lighter vitesse-light vitesse-dark","\u003C!-- Malicious website example -->\n\u003C!DOCTYPE html>\n\u003Chtml>\n\u003Chead>\n    \u003Ctitle>Innocent Looking Page\u003C/title>\n\u003C/head>\n\u003Cbody>\n    \u003Ch1>Check out this funny cat video!\u003C/h1>\n    \n    \u003C!-- Hidden malicious form that submits to your Django app -->\n    \u003Cform id=\"malicious-form\" action=\"https://yourapp.com/transfer-money/\" method=\"POST\" style=\"display: none;\">\n        \u003Cinput type=\"hidden\" name=\"amount\" value=\"1000\">\n        \u003Cinput type=\"hidden\" name=\"to_account\" value=\"attacker-account\">\n    \u003C/form>\n    \n    \u003Cscript>\n        // Automatically submit the form when page loads\n        document.getElementById('malicious-form').submit();\n    \u003C/script>\n    \n    \u003C!-- User sees this innocent content -->\n    \u003Cimg src=\"cat-video-thumbnail.jpg\" alt=\"Funny cat\">\n\u003C/body>\n\u003C/html>\n","html","",[1047,1048,1049,1058,1076,1086,1096,1119,1128,1138,1156,1162,1168,1230,1277,1318,1328,1333,1343,1349,1388,1397,1402,1408,1442,1451],"code",{"__ignoreMap":1045},[1050,1051,1054],"span",{"class":1052,"line":1053},"line",1,[1050,1055,1057],{"class":1056},"s9Tkl","\u003C!-- Malicious website example -->\n",[1050,1059,1061,1065,1069,1073],{"class":1052,"line":1060},2,[1050,1062,1064],{"class":1063},"soVBu","\u003C!",[1050,1066,1068],{"class":1067},"sJFLg","DOCTYPE",[1050,1070,1072],{"class":1071},"s5q8q"," 
html",[1050,1074,1075],{"class":1063},">\n",[1050,1077,1079,1082,1084],{"class":1052,"line":1078},3,[1050,1080,1081],{"class":1063},"\u003C",[1050,1083,1044],{"class":1067},[1050,1085,1075],{"class":1063},[1050,1087,1089,1091,1094],{"class":1052,"line":1088},4,[1050,1090,1081],{"class":1063},[1050,1092,1093],{"class":1067},"head",[1050,1095,1075],{"class":1063},[1050,1097,1099,1102,1105,1108,1112,1115,1117],{"class":1052,"line":1098},5,[1050,1100,1101],{"class":1063},"    \u003C",[1050,1103,1104],{"class":1067},"title",[1050,1106,1107],{"class":1063},">",[1050,1109,1111],{"class":1110},"sftqT","Innocent Looking Page",[1050,1113,1114],{"class":1063},"\u003C/",[1050,1116,1104],{"class":1067},[1050,1118,1075],{"class":1063},[1050,1120,1122,1124,1126],{"class":1052,"line":1121},6,[1050,1123,1114],{"class":1063},[1050,1125,1093],{"class":1067},[1050,1127,1075],{"class":1063},[1050,1129,1131,1133,1136],{"class":1052,"line":1130},7,[1050,1132,1081],{"class":1063},[1050,1134,1135],{"class":1067},"body",[1050,1137,1075],{"class":1063},[1050,1139,1141,1143,1145,1147,1150,1152,1154],{"class":1052,"line":1140},8,[1050,1142,1101],{"class":1063},[1050,1144,1022],{"class":1067},[1050,1146,1107],{"class":1063},[1050,1148,1149],{"class":1110},"Check out this funny cat video!",[1050,1151,1114],{"class":1063},[1050,1153,1022],{"class":1067},[1050,1155,1075],{"class":1063},[1050,1157,1159],{"class":1052,"line":1158},9,[1050,1160,1161],{"class":1110},"    \n",[1050,1163,1165],{"class":1052,"line":1164},10,[1050,1166,1167],{"class":1056},"    \u003C!-- Hidden malicious form that submits to your Django app -->\n",[1050,1169,1171,1173,1176,1179,1182,1186,1190,1192,1195,1197,1199,1202,1204,1207,1209,1211,1214,1216,1219,1221,1223,1226,1228],{"class":1052,"line":1170},11,[1050,1172,1101],{"class":1063},[1050,1174,1175],{"class":1067},"form",[1050,1177,1178],{"class":1071}," 
id",[1050,1180,1181],{"class":1063},"=",[1050,1183,1185],{"class":1184},"sbYkP","\"",[1050,1187,1189],{"class":1188},"sTbE_","malicious-form",[1050,1191,1185],{"class":1184},[1050,1193,1194],{"class":1071}," action",[1050,1196,1181],{"class":1063},[1050,1198,1185],{"class":1184},[1050,1200,1201],{"class":1188},"https://yourapp.com/transfer-money/",[1050,1203,1185],{"class":1184},[1050,1205,1206],{"class":1071}," method",[1050,1208,1181],{"class":1063},[1050,1210,1185],{"class":1184},[1050,1212,1213],{"class":1188},"POST",[1050,1215,1185],{"class":1184},[1050,1217,1218],{"class":1071}," style",[1050,1220,1181],{"class":1063},[1050,1222,1185],{"class":1184},[1050,1224,1225],{"class":1188},"display: none;",[1050,1227,1185],{"class":1184},[1050,1229,1075],{"class":1063},[1050,1231,1233,1236,1239,1242,1244,1246,1249,1251,1254,1256,1258,1261,1263,1266,1268,1270,1273,1275],{"class":1052,"line":1232},12,[1050,1234,1235],{"class":1063},"        \u003C",[1050,1237,1238],{"class":1067},"input",[1050,1240,1241],{"class":1071}," type",[1050,1243,1181],{"class":1063},[1050,1245,1185],{"class":1184},[1050,1247,1248],{"class":1188},"hidden",[1050,1250,1185],{"class":1184},[1050,1252,1253],{"class":1071}," name",[1050,1255,1181],{"class":1063},[1050,1257,1185],{"class":1184},[1050,1259,1260],{"class":1188},"amount",[1050,1262,1185],{"class":1184},[1050,1264,1265],{"class":1071}," 
value",[1050,1267,1181],{"class":1063},[1050,1269,1185],{"class":1184},[1050,1271,1272],{"class":1188},"1000",[1050,1274,1185],{"class":1184},[1050,1276,1075],{"class":1063},[1050,1278,1280,1282,1284,1286,1288,1290,1292,1294,1296,1298,1300,1303,1305,1307,1309,1311,1314,1316],{"class":1052,"line":1279},13,[1050,1281,1235],{"class":1063},[1050,1283,1238],{"class":1067},[1050,1285,1241],{"class":1071},[1050,1287,1181],{"class":1063},[1050,1289,1185],{"class":1184},[1050,1291,1248],{"class":1188},[1050,1293,1185],{"class":1184},[1050,1295,1253],{"class":1071},[1050,1297,1181],{"class":1063},[1050,1299,1185],{"class":1184},[1050,1301,1302],{"class":1188},"to_account",[1050,1304,1185],{"class":1184},[1050,1306,1265],{"class":1071},[1050,1308,1181],{"class":1063},[1050,1310,1185],{"class":1184},[1050,1312,1313],{"class":1188},"attacker-account",[1050,1315,1185],{"class":1184},[1050,1317,1075],{"class":1063},[1050,1319,1321,1324,1326],{"class":1052,"line":1320},14,[1050,1322,1323],{"class":1063},"    \u003C/",[1050,1325,1175],{"class":1067},[1050,1327,1075],{"class":1063},[1050,1329,1331],{"class":1052,"line":1330},15,[1050,1332,1161],{"class":1110},[1050,1334,1336,1338,1341],{"class":1052,"line":1335},16,[1050,1337,1101],{"class":1063},[1050,1339,1340],{"class":1067},"script",[1050,1342,1075],{"class":1063},[1050,1344,1346],{"class":1052,"line":1345},17,[1050,1347,1348],{"class":1056},"        // Automatically submit the form when page loads\n",[1050,1350,1352,1356,1359,1363,1367,1370,1372,1374,1377,1379,1382,1385],{"class":1052,"line":1351},18,[1050,1353,1355],{"class":1354},"sSC40","        
document",[1050,1357,1358],{"class":1063},".",[1050,1360,1362],{"class":1361},"sljsM","getElementById",[1050,1364,1366],{"class":1365},"snCua","(",[1050,1368,1369],{"class":1184},"'",[1050,1371,1189],{"class":1188},[1050,1373,1369],{"class":1184},[1050,1375,1376],{"class":1365},")",[1050,1378,1358],{"class":1063},[1050,1380,1381],{"class":1361},"submit",[1050,1383,1384],{"class":1365},"()",[1050,1386,1387],{"class":1063},";\n",[1050,1389,1391,1393,1395],{"class":1052,"line":1390},19,[1050,1392,1323],{"class":1063},[1050,1394,1340],{"class":1067},[1050,1396,1075],{"class":1063},[1050,1398,1400],{"class":1052,"line":1399},20,[1050,1401,1161],{"class":1110},[1050,1403,1405],{"class":1052,"line":1404},21,[1050,1406,1407],{"class":1056},"    \u003C!-- User sees this innocent content -->\n",[1050,1409,1411,1413,1416,1419,1421,1423,1426,1428,1431,1433,1435,1438,1440],{"class":1052,"line":1410},22,[1050,1412,1101],{"class":1063},[1050,1414,1415],{"class":1067},"img",[1050,1417,1418],{"class":1071}," src",[1050,1420,1181],{"class":1063},[1050,1422,1185],{"class":1184},[1050,1424,1425],{"class":1188},"cat-video-thumbnail.jpg",[1050,1427,1185],{"class":1184},[1050,1429,1430],{"class":1071}," alt",[1050,1432,1181],{"class":1063},[1050,1434,1185],{"class":1184},[1050,1436,1437],{"class":1188},"Funny cat",[1050,1439,1185],{"class":1184},[1050,1441,1075],{"class":1063},[1050,1443,1445,1447,1449],{"class":1052,"line":1444},23,[1050,1446,1114],{"class":1063},[1050,1448,1135],{"class":1067},[1050,1450,1075],{"class":1063},[1050,1452,1454,1456,1458],{"class":1052,"line":1453},24,[1050,1455,1114],{"class":1063},[1050,1457,1044],{"class":1067},[1050,1459,1075],{"class":1063},[1035,1461,1463],{"id":1462},"csrf-attack-scenarios","CSRF Attack Scenarios",[1040,1465,1469],{"className":1466,"code":1467,"language":1468,"meta":1045,"style":1045},"language-python shiki shiki-themes material-theme-lighter vitesse-light vitesse-dark","# Vulnerable view without CSRF protection\ndef 
transfer_money(request):\n    \"\"\"VULNERABLE: No CSRF protection\"\"\"\n    if request.method == 'POST':\n        amount = request.POST.get('amount')\n        to_account = request.POST.get('to_account')\n        \n        # This could be executed by a CSRF attack!\n        user_account = request.user.account\n        user_account.transfer(amount, to_account)\n        \n        return HttpResponse(\"Transfer completed\")\n    \n    return render(request, 'transfer_form.html')\n\n# Other vulnerable scenarios:\n# - Changing user email/password\n# - Deleting user data\n# - Making purchases\n# - Posting content on behalf of user\n# - Changing user preferences/settings\n","python",[1047,1470,1471,1476,1494,1507,1536,1567,1594,1599,1604,1623,1645,1649,1668,1672,1695,1701,1706,1711,1716,1721,1726],{"__ignoreMap":1045},[1050,1472,1473],{"class":1052,"line":1053},[1050,1474,1475],{"class":1056},"# Vulnerable view without CSRF protection\n",[1050,1477,1478,1482,1485,1487,1491],{"class":1052,"line":1060},[1050,1479,1481],{"class":1480},"s5Kfy","def",[1050,1483,1484],{"class":1361}," transfer_money",[1050,1486,1366],{"class":1063},[1050,1488,1490],{"class":1489},"sCyAa","request",[1050,1492,1493],{"class":1063},"):\n",[1050,1495,1496,1500,1504],{"class":1052,"line":1078},[1050,1497,1499],{"class":1498},"sm7ve","    \"\"\"",[1050,1501,1503],{"class":1502},"sVyVU","VULNERABLE: No CSRF protection",[1050,1505,1506],{"class":1498},"\"\"\"\n",[1050,1508,1509,1513,1516,1518,1522,1526,1529,1531,1533],{"class":1052,"line":1088},[1050,1510,1512],{"class":1511},"siDh9","    if",[1050,1514,1515],{"class":1110}," request",[1050,1517,1358],{"class":1063},[1050,1519,1521],{"class":1520},"sBPpx","method",[1050,1523,1525],{"class":1524},"sVsLi"," ==",[1050,1527,1528],{"class":1184}," 
'",[1050,1530,1213],{"class":1188},[1050,1532,1369],{"class":1184},[1050,1534,1535],{"class":1063},":\n",[1050,1537,1538,1541,1543,1545,1547,1550,1552,1556,1558,1560,1562,1564],{"class":1052,"line":1098},[1050,1539,1540],{"class":1110},"        amount ",[1050,1542,1181],{"class":1063},[1050,1544,1515],{"class":1110},[1050,1546,1358],{"class":1063},[1050,1548,1213],{"class":1549},"sFGJz",[1050,1551,1358],{"class":1063},[1050,1553,1555],{"class":1554},"siWMO","get",[1050,1557,1366],{"class":1063},[1050,1559,1369],{"class":1184},[1050,1561,1260],{"class":1188},[1050,1563,1369],{"class":1184},[1050,1565,1566],{"class":1063},")\n",[1050,1568,1569,1572,1574,1576,1578,1580,1582,1584,1586,1588,1590,1592],{"class":1052,"line":1121},[1050,1570,1571],{"class":1110},"        to_account ",[1050,1573,1181],{"class":1063},[1050,1575,1515],{"class":1110},[1050,1577,1358],{"class":1063},[1050,1579,1213],{"class":1549},[1050,1581,1358],{"class":1063},[1050,1583,1555],{"class":1554},[1050,1585,1366],{"class":1063},[1050,1587,1369],{"class":1184},[1050,1589,1302],{"class":1188},[1050,1591,1369],{"class":1184},[1050,1593,1566],{"class":1063},[1050,1595,1596],{"class":1052,"line":1130},[1050,1597,1598],{"class":1110},"        \n",[1050,1600,1601],{"class":1052,"line":1140},[1050,1602,1603],{"class":1056},"        # This could be executed by a CSRF attack!\n",[1050,1605,1606,1609,1611,1613,1615,1618,1620],{"class":1052,"line":1158},[1050,1607,1608],{"class":1110},"        user_account ",[1050,1610,1181],{"class":1063},[1050,1612,1515],{"class":1110},[1050,1614,1358],{"class":1063},[1050,1616,1617],{"class":1520},"user",[1050,1619,1358],{"class":1063},[1050,1621,1622],{"class":1520},"account\n",[1050,1624,1625,1628,1630,1633,1635,1637,1640,1643],{"class":1052,"line":1164},[1050,1626,1627],{"class":1110},"        
user_account",[1050,1629,1358],{"class":1063},[1050,1631,1632],{"class":1554},"transfer",[1050,1634,1366],{"class":1063},[1050,1636,1260],{"class":1554},[1050,1638,1639],{"class":1063},",",[1050,1641,1642],{"class":1554}," to_account",[1050,1644,1566],{"class":1063},[1050,1646,1647],{"class":1052,"line":1170},[1050,1648,1598],{"class":1110},[1050,1650,1651,1654,1657,1659,1661,1664,1666],{"class":1052,"line":1232},[1050,1652,1653],{"class":1511},"        return",[1050,1655,1656],{"class":1554}," HttpResponse",[1050,1658,1366],{"class":1063},[1050,1660,1185],{"class":1184},[1050,1662,1663],{"class":1188},"Transfer completed",[1050,1665,1185],{"class":1184},[1050,1667,1566],{"class":1063},[1050,1669,1670],{"class":1052,"line":1279},[1050,1671,1161],{"class":1110},[1050,1673,1674,1677,1680,1682,1684,1686,1688,1691,1693],{"class":1052,"line":1320},[1050,1675,1676],{"class":1511},"    return",[1050,1678,1679],{"class":1554}," render",[1050,1681,1366],{"class":1063},[1050,1683,1490],{"class":1554},[1050,1685,1639],{"class":1063},[1050,1687,1528],{"class":1184},[1050,1689,1690],{"class":1188},"transfer_form.html",[1050,1692,1369],{"class":1184},[1050,1694,1566],{"class":1063},[1050,1696,1697],{"class":1052,"line":1330},[1050,1698,1700],{"emptyLinePlaceholder":1699},true,"\n",[1050,1702,1703],{"class":1052,"line":1335},[1050,1704,1705],{"class":1056},"# Other vulnerable scenarios:\n",[1050,1707,1708],{"class":1052,"line":1345},[1050,1709,1710],{"class":1056},"# - Changing user email/password\n",[1050,1712,1713],{"class":1052,"line":1351},[1050,1714,1715],{"class":1056},"# - Deleting user data\n",[1050,1717,1718],{"class":1052,"line":1390},[1050,1719,1720],{"class":1056},"# - Making purchases\n",[1050,1722,1723],{"class":1052,"line":1399},[1050,1724,1725],{"class":1056},"# - Posting content on behalf of user\n",[1050,1727,1728],{"class":1052,"line":1404},[1050,1729,1730],{"class":1056},"# - Changing user 
preferences/settings\n",[1030,1732,1734],{"id":1733},"djangos-csrf-protection","Django's CSRF Protection",[1035,1736,1738],{"id":1737},"how-django-csrf-protection-works","How Django CSRF Protection Works",[1040,1740,1742],{"className":1466,"code":1741,"language":1468,"meta":1045,"style":1045},"# Django's CSRF protection mechanism:\n\n# 1. CSRF middleware generates a secret token\n# 2. Token is stored in user's session only if CSRF_USE_SESSIONS = True; by default it is kept in the csrftoken cookie\n# 3. Token is embedded in forms via {% csrf_token %}\n# 4. On form submission, Django validates the token\n# 5. Request is rejected if token is missing or invalid\n\n# settings.py - CSRF middleware (enabled by default)\nMIDDLEWARE = [\n    'django.middleware.csrf.CsrfViewMiddleware',  # CSRF protection\n    # ... other middleware\n]\n\n# CSRF settings\nCSRF_COOKIE_AGE = 31449600  # 1 year\nCSRF_COOKIE_DOMAIN = None\nCSRF_COOKIE_HTTPONLY = False  # Must be False for JavaScript access\nCSRF_COOKIE_NAME = 'csrftoken'\nCSRF_COOKIE_PATH = '/'\nCSRF_COOKIE_SAMESITE = 'Lax'\nCSRF_COOKIE_SECURE = True  # True in production with HTTPS\nCSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'\nCSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'\nCSRF_TRUSTED_ORIGINS = []\nCSRF_USE_SESSIONS = False\n",[1047,1743,1744,1749,1753,1758,1763,1768,1773,1778,1782,1787,1799,1814,1819,1824,1828,1833,1847,1858,1871,1886,1900,1914,1927,1941,1955,1966],{"__ignoreMap":1045},[1050,1745,1746],{"class":1052,"line":1053},[1050,1747,1748],{"class":1056},"# Django's CSRF protection mechanism:\n",[1050,1750,1751],{"class":1052,"line":1060},[1050,1752,1700],{"emptyLinePlaceholder":1699},[1050,1754,1755],{"class":1052,"line":1078},[1050,1756,1757],{"class":1056},"# 1. CSRF middleware generates a secret token\n",[1050,1759,1760],{"class":1052,"line":1088},[1050,1761,1762],{"class":1056},"# 2. Token is stored in user's session only if CSRF_USE_SESSIONS = True; by default it is kept in the csrftoken cookie\n",[1050,1764,1765],{"class":1052,"line":1098},[1050,1766,1767],{"class":1056},"# 3. 
Token is embedded in forms via {% csrf_token %}\n",[1050,1769,1770],{"class":1052,"line":1121},[1050,1771,1772],{"class":1056},"# 4. On form submission, Django validates the token\n",[1050,1774,1775],{"class":1052,"line":1130},[1050,1776,1777],{"class":1056},"# 5. Request is rejected if token is missing or invalid\n",[1050,1779,1780],{"class":1052,"line":1140},[1050,1781,1700],{"emptyLinePlaceholder":1699},[1050,1783,1784],{"class":1052,"line":1158},[1050,1785,1786],{"class":1056},"# settings.py - CSRF middleware (enabled by default)\n",[1050,1788,1789,1793,1796],{"class":1052,"line":1164},[1050,1790,1792],{"class":1791},"se3Ec","MIDDLEWARE",[1050,1794,1795],{"class":1063}," =",[1050,1797,1798],{"class":1063}," [\n",[1050,1800,1801,1804,1807,1809,1811],{"class":1052,"line":1170},[1050,1802,1803],{"class":1184},"    '",[1050,1805,1806],{"class":1188},"django.middleware.csrf.CsrfViewMiddleware",[1050,1808,1369],{"class":1184},[1050,1810,1639],{"class":1063},[1050,1812,1813],{"class":1056},"  # CSRF protection\n",[1050,1815,1816],{"class":1052,"line":1232},[1050,1817,1818],{"class":1056},"    # ... 
other middleware\n",[1050,1820,1821],{"class":1052,"line":1279},[1050,1822,1823],{"class":1063},"]\n",[1050,1825,1826],{"class":1052,"line":1320},[1050,1827,1700],{"emptyLinePlaceholder":1699},[1050,1829,1830],{"class":1052,"line":1330},[1050,1831,1832],{"class":1056},"# CSRF settings\n",[1050,1834,1835,1838,1840,1844],{"class":1052,"line":1335},[1050,1836,1837],{"class":1791},"CSRF_COOKIE_AGE",[1050,1839,1795],{"class":1063},[1050,1841,1843],{"class":1842},"s7CZa"," 31449600",[1050,1845,1846],{"class":1056},"  # 1 year\n",[1050,1848,1849,1852,1854],{"class":1052,"line":1345},[1050,1850,1851],{"class":1791},"CSRF_COOKIE_DOMAIN",[1050,1853,1795],{"class":1063},[1050,1855,1857],{"class":1856},"s8XtY"," None\n",[1050,1859,1860,1863,1865,1868],{"class":1052,"line":1351},[1050,1861,1862],{"class":1791},"CSRF_COOKIE_HTTPONLY",[1050,1864,1795],{"class":1063},[1050,1866,1867],{"class":1856}," False",[1050,1869,1870],{"class":1056},"  # Must be False for JavaScript access\n",[1050,1872,1873,1876,1878,1880,1883],{"class":1052,"line":1390},[1050,1874,1875],{"class":1791},"CSRF_COOKIE_NAME",[1050,1877,1795],{"class":1063},[1050,1879,1528],{"class":1184},[1050,1881,1882],{"class":1188},"csrftoken",[1050,1884,1885],{"class":1184},"'\n",[1050,1887,1888,1891,1893,1895,1898],{"class":1052,"line":1399},[1050,1889,1890],{"class":1791},"CSRF_COOKIE_PATH",[1050,1892,1795],{"class":1063},[1050,1894,1528],{"class":1184},[1050,1896,1897],{"class":1188},"/",[1050,1899,1885],{"class":1184},[1050,1901,1902,1905,1907,1909,1912],{"class":1052,"line":1404},[1050,1903,1904],{"class":1791},"CSRF_COOKIE_SAMESITE",[1050,1906,1795],{"class":1063},[1050,1908,1528],{"class":1184},[1050,1910,1911],{"class":1188},"Lax",[1050,1913,1885],{"class":1184},[1050,1915,1916,1919,1921,1924],{"class":1052,"line":1410},[1050,1917,1918],{"class":1791},"CSRF_COOKIE_SECURE",[1050,1920,1795],{"class":1063},[1050,1922,1923],{"class":1856}," True",[1050,1925,1926],{"class":1056},"  # True in production with 
HTTPS\n",[1050,1928,1929,1932,1934,1936,1939],{"class":1052,"line":1444},[1050,1930,1931],{"class":1791},"CSRF_FAILURE_VIEW",[1050,1933,1795],{"class":1063},[1050,1935,1528],{"class":1184},[1050,1937,1938],{"class":1188},"django.views.csrf.csrf_failure",[1050,1940,1885],{"class":1184},[1050,1942,1943,1946,1948,1950,1953],{"class":1052,"line":1453},[1050,1944,1945],{"class":1791},"CSRF_HEADER_NAME",[1050,1947,1795],{"class":1063},[1050,1949,1528],{"class":1184},[1050,1951,1952],{"class":1188},"HTTP_X_CSRFTOKEN",[1050,1954,1885],{"class":1184},[1050,1956,1958,1961,1963],{"class":1052,"line":1957},25,[1050,1959,1960],{"class":1791},"CSRF_TRUSTED_ORIGINS",[1050,1962,1795],{"class":1063},[1050,1964,1965],{"class":1063}," []\n",[1050,1967,1969,1972,1974],{"class":1052,"line":1968},26,[1050,1970,1971],{"class":1791},"CSRF_USE_SESSIONS",[1050,1973,1795],{"class":1063},[1050,1975,1976],{"class":1856}," False\n",[1035,1978,1980],{"id":1979},"basic-csrf-protection-in-templates","Basic CSRF Protection in Templates",[1040,1982,1984],{"className":1042,"code":1983,"language":1044,"meta":1045,"style":1045},"\u003C!-- forms.html - Basic CSRF protection -->\n\u003Cform method=\"post\" action=\"{% url 'transfer_money' %}\">\n    {% csrf_token %}  \u003C!-- This adds the CSRF token -->\n    \n    \u003Cdiv class=\"form-group\">\n        \u003Clabel for=\"amount\">Amount:\u003C/label>\n        \u003Cinput type=\"number\" id=\"amount\" name=\"amount\" required>\n    \u003C/div>\n    \n    \u003Cdiv class=\"form-group\">\n        \u003Clabel for=\"to_account\">To Account:\u003C/label>\n        \u003Cinput type=\"text\" id=\"to_account\" name=\"to_account\" required>\n    \u003C/div>\n    \n    \u003Cbutton type=\"submit\">Transfer Money\u003C/button>\n\u003C/form>\n\n\u003C!-- The {% csrf_token %} generates something like: -->\n\u003Cinput type=\"hidden\" name=\"csrfmiddlewaretoken\" 
value=\"abc123def456...\">\n",[1047,1985,1986,1991,2021,2029,2033,2054,2083,2125,2133,2137,2155,2182,2223,2231,2235,2263,2271,2275,2280],{"__ignoreMap":1045},[1050,1987,1988],{"class":1052,"line":1053},[1050,1989,1990],{"class":1056},"\u003C!-- forms.html - Basic CSRF protection -->\n",[1050,1992,1993,1995,1997,1999,2001,2003,2006,2008,2010,2012,2014,2017,2019],{"class":1052,"line":1060},[1050,1994,1081],{"class":1063},[1050,1996,1175],{"class":1067},[1050,1998,1206],{"class":1071},[1050,2000,1181],{"class":1063},[1050,2002,1185],{"class":1184},[1050,2004,2005],{"class":1188},"post",[1050,2007,1185],{"class":1184},[1050,2009,1194],{"class":1071},[1050,2011,1181],{"class":1063},[1050,2013,1185],{"class":1184},[1050,2015,2016],{"class":1188},"{% url 'transfer_money' %}",[1050,2018,1185],{"class":1184},[1050,2020,1075],{"class":1063},[1050,2022,2023,2026],{"class":1052,"line":1078},[1050,2024,2025],{"class":1110},"    {% csrf_token %}  ",[1050,2027,2028],{"class":1056},"\u003C!-- This adds the CSRF token -->\n",[1050,2030,2031],{"class":1052,"line":1088},[1050,2032,1161],{"class":1110},[1050,2034,2035,2037,2040,2043,2045,2047,2050,2052],{"class":1052,"line":1098},[1050,2036,1101],{"class":1063},[1050,2038,2039],{"class":1067},"div",[1050,2041,2042],{"class":1071}," class",[1050,2044,1181],{"class":1063},[1050,2046,1185],{"class":1184},[1050,2048,2049],{"class":1188},"form-group",[1050,2051,1185],{"class":1184},[1050,2053,1075],{"class":1063},[1050,2055,2056,2058,2061,2064,2066,2068,2070,2072,2074,2077,2079,2081],{"class":1052,"line":1121},[1050,2057,1235],{"class":1063},[1050,2059,2060],{"class":1067},"label",[1050,2062,2063],{"class":1071}," 
for",[1050,2065,1181],{"class":1063},[1050,2067,1185],{"class":1184},[1050,2069,1260],{"class":1188},[1050,2071,1185],{"class":1184},[1050,2073,1107],{"class":1063},[1050,2075,2076],{"class":1110},"Amount:",[1050,2078,1114],{"class":1063},[1050,2080,2060],{"class":1067},[1050,2082,1075],{"class":1063},[1050,2084,2085,2087,2089,2091,2093,2095,2098,2100,2102,2104,2106,2108,2110,2112,2114,2116,2118,2120,2123],{"class":1052,"line":1130},[1050,2086,1235],{"class":1063},[1050,2088,1238],{"class":1067},[1050,2090,1241],{"class":1071},[1050,2092,1181],{"class":1063},[1050,2094,1185],{"class":1184},[1050,2096,2097],{"class":1188},"number",[1050,2099,1185],{"class":1184},[1050,2101,1178],{"class":1071},[1050,2103,1181],{"class":1063},[1050,2105,1185],{"class":1184},[1050,2107,1260],{"class":1188},[1050,2109,1185],{"class":1184},[1050,2111,1253],{"class":1071},[1050,2113,1181],{"class":1063},[1050,2115,1185],{"class":1184},[1050,2117,1260],{"class":1188},[1050,2119,1185],{"class":1184},[1050,2121,2122],{"class":1071}," 
required",[1050,2124,1075],{"class":1063},[1050,2126,2127,2129,2131],{"class":1052,"line":1140},[1050,2128,1323],{"class":1063},[1050,2130,2039],{"class":1067},[1050,2132,1075],{"class":1063},[1050,2134,2135],{"class":1052,"line":1158},[1050,2136,1161],{"class":1110},[1050,2138,2139,2141,2143,2145,2147,2149,2151,2153],{"class":1052,"line":1164},[1050,2140,1101],{"class":1063},[1050,2142,2039],{"class":1067},[1050,2144,2042],{"class":1071},[1050,2146,1181],{"class":1063},[1050,2148,1185],{"class":1184},[1050,2150,2049],{"class":1188},[1050,2152,1185],{"class":1184},[1050,2154,1075],{"class":1063},[1050,2156,2157,2159,2161,2163,2165,2167,2169,2171,2173,2176,2178,2180],{"class":1052,"line":1170},[1050,2158,1235],{"class":1063},[1050,2160,2060],{"class":1067},[1050,2162,2063],{"class":1071},[1050,2164,1181],{"class":1063},[1050,2166,1185],{"class":1184},[1050,2168,1302],{"class":1188},[1050,2170,1185],{"class":1184},[1050,2172,1107],{"class":1063},[1050,2174,2175],{"class":1110},"To Account:",[1050,2177,1114],{"class":1063},[1050,2179,2060],{"class":1067},[1050,2181,1075],{"class":1063},[1050,2183,2184,2186,2188,2190,2192,2194,2197,2199,2201,2203,2205,2207,2209,2211,2213,2215,2217,2219,2221],{"class":1052,"line":1232},[1050,2185,1235],{"class":1063},[1050,2187,1238],{"class":1067},[1050,2189,1241],{"class":1071},[1050,2191,1181],{"class":1063},[1050,2193,1185],{"class":1184},[1050,2195,2196],{"class":1188},"text",[1050,2198,1185],{"class":1184},[1050,2200,1178],{"class":1071},[1050,2202,1181],{"class":1063},[1050,2204,1185],{"class":1184},[1050,2206,1302],{"class":1188},[1050,2208,1185],{"class":1184},[1050,2210,1253],{"class":1071},[1050,2212,1181],{"class":1063},[1050,2214,1185],{"class":1184},[1050,2216,1302],{"class":1188},[1050,2218,1185],{"class":1184},[1050,2220,2122],{"class":1071},[1050,2222,1075],{"class":1063},[1050,2224,2225,2227,2229],{"class":1052,"line":1279},[1050,2226,1323],{"class":1063},[1050,2228,2039],{"class":1067},[1050,2230,1075],{"class":1063},[
1050,2232,2233],{"class":1052,"line":1320},[1050,2234,1161],{"class":1110},[1050,2236,2237,2239,2242,2244,2246,2248,2250,2252,2254,2257,2259,2261],{"class":1052,"line":1330},[1050,2238,1101],{"class":1063},[1050,2240,2241],{"class":1067},"button",[1050,2243,1241],{"class":1071},[1050,2245,1181],{"class":1063},[1050,2247,1185],{"class":1184},[1050,2249,1381],{"class":1188},[1050,2251,1185],{"class":1184},[1050,2253,1107],{"class":1063},[1050,2255,2256],{"class":1110},"Transfer Money",[1050,2258,1114],{"class":1063},[1050,2260,2241],{"class":1067},[1050,2262,1075],{"class":1063},[1050,2264,2265,2267,2269],{"class":1052,"line":1335},[1050,2266,1114],{"class":1063},[1050,2268,1175],{"class":1067},[1050,2270,1075],{"class":1063},[1050,2272,2273],{"class":1052,"line":1345},[1050,2274,1700],{"emptyLinePlaceholder":1699},[1050,2276,2277],{"class":1052,"line":1351},[1050,2278,2279],{"class":1056},"\u003C!-- The {% csrf_token %} generates something like: -->\n",[1050,2281,2282,2284,2286,2288,2290,2292,2294,2296,2298,2300,2302,2305,2307,2309,2311,2313,2316,2318],{"class":1052,"line":1390},[1050,2283,1081],{"class":1063},[1050,2285,1238],{"class":1067},[1050,2287,1241],{"class":1071},[1050,2289,1181],{"class":1063},[1050,2291,1185],{"class":1184},[1050,2293,1248],{"class":1188},[1050,2295,1185],{"class":1184},[1050,2297,1253],{"class":1071},[1050,2299,1181],{"class":1063},[1050,2301,1185],{"class":1184},[1050,2303,2304],{"class":1188},"csrfmiddlewaretoken",[1050,2306,1185],{"class":1184},[1050,2308,1265],{"class":1071},[1050,2310,1181],{"class":1063},[1050,2312,1185],{"class":1184},[1050,2314,2315],{"class":1188},"abc123def456...",[1050,2317,1185],{"class":1184},[1050,2319,1075],{"class":1063},[1035,2321,2323],{"id":2322},"csrf-protection-in-views","CSRF Protection in Views",[1040,2325,2327],{"className":1466,"code":2326,"language":1468,"meta":1045,"style":1045},"# views.py - Properly protected views\nfrom django.views.decorators.csrf import csrf_protect\nfrom 
django.contrib.auth.decorators import login_required\n\n@login_required\n@csrf_protect  # Explicitly require CSRF protection\ndef transfer_money(request):\n    \"\"\"Secure money transfer with CSRF protection\"\"\"\n    \n    if request.method == 'POST':\n        form = MoneyTransferForm(request.POST)\n        \n        if form.is_valid():\n            # Additional security checks\n            amount = form.cleaned_data['amount']\n            to_account = form.cleaned_data['to_account']\n            \n            # Verify user has sufficient funds\n            if request.user.account.balance \u003C amount:\n                messages.error(request, \"Insufficient funds\")\n                return render(request, 'transfer_form.html', {'form': form})\n            \n            # Verify destination account exists\n            try:\n                destination = Account.objects.get(number=to_account)\n            except Account.DoesNotExist:\n                messages.error(request, \"Invalid destination account\")\n                return render(request, 'transfer_form.html', {'form': form})\n            \n            # Perform transfer\n            try:\n                request.user.account.transfer(amount, destination)\n                messages.success(request, f\"Successfully transferred ${amount}\")\n                \n                # Log the transaction for audit\n                logger.info(f\"Money transfer: {request.user.username} -> {to_account}, Amount: ${amount}\")\n                \n                return redirect('account_dashboard')\n                \n            except TransferError as e:\n                messages.error(request, f\"Transfer failed: {str(e)}\")\n        \n        else:\n            messages.error(request, \"Please correct the errors below\")\n    \n    else:\n        form = MoneyTransferForm()\n    \n    return render(request, 'transfer_form.html', {'form': form})\n\n# Class-based view with CSRF protection\nfrom django.views.generic import 
FormView\nfrom django.contrib.auth.mixins import LoginRequiredMixin\n\nclass MoneyTransferView(LoginRequiredMixin, FormView):\n    \"\"\"Secure money transfer view\"\"\"\n    template_name = 'transfer_form.html'\n    form_class = MoneyTransferForm\n    success_url = '/account/dashboard/'\n    \n    def form_valid(self, form):\n        \"\"\"Process valid form with additional security checks\"\"\"\n        amount = form.cleaned_data['amount']\n        to_account = form.cleaned_data['to_account']\n        \n        # Security validations\n        if not self.validate_transfer(amount, to_account):\n            return self.form_invalid(form)\n        \n        # Perform transfer\n        try:\n            self.request.user.account.transfer(amount, to_account)\n            messages.success(self.request, f\"Successfully transferred ${amount}\")\n            return super().form_valid(form)\n            \n        except TransferError as e:\n            form.add_error(None, f\"Transfer failed: {str(e)}\")\n            return self.form_invalid(form)\n    \n    def validate_transfer(self, amount, to_account):\n        \"\"\"Additional transfer validation\"\"\"\n        # Check daily transfer limit\n        daily_total = self.request.user.account.get_daily_transfer_total()\n        if daily_total + amount > 5000:  # $5000 daily limit\n            messages.error(self.request, \"Daily transfer limit exceeded\")\n            return False\n        \n        return 
True\n",[1047,2328,2329,2334,2363,2389,2393,2401,2411,2423,2432,2436,2456,2476,2480,2496,2501,2526,2549,2554,2559,2588,2614,2652,2656,2661,2668,2698,2712,2736,2771,2776,2782,2789,2818,2853,2859,2865,2921,2926,2945,2950,2966,3005,3010,3018,3043,3048,3056,3068,3073,3108,3113,3119,3140,3165,3170,3193,3203,3217,3228,3243,3248,3269,3280,3303,3326,3331,3337,3363,3382,3387,3393,3401,3433,3466,3486,3491,3505,3543,3560,3565,3587,3597,3603,3632,3656,3684,3691,3696],{"__ignoreMap":1045},[1050,2330,2331],{"class":1052,"line":1053},[1050,2332,2333],{"class":1056},"# views.py - Properly protected views\n",[1050,2335,2336,2339,2342,2344,2347,2349,2352,2354,2357,2360],{"class":1052,"line":1060},[1050,2337,2338],{"class":1511},"from",[1050,2340,2341],{"class":1110}," django",[1050,2343,1358],{"class":1063},[1050,2345,2346],{"class":1110},"views",[1050,2348,1358],{"class":1063},[1050,2350,2351],{"class":1110},"decorators",[1050,2353,1358],{"class":1063},[1050,2355,2356],{"class":1110},"csrf ",[1050,2358,2359],{"class":1511},"import",[1050,2361,2362],{"class":1110}," csrf_protect\n",[1050,2364,2365,2367,2369,2371,2374,2376,2379,2381,2384,2386],{"class":1052,"line":1078},[1050,2366,2338],{"class":1511},[1050,2368,2341],{"class":1110},[1050,2370,1358],{"class":1063},[1050,2372,2373],{"class":1110},"contrib",[1050,2375,1358],{"class":1063},[1050,2377,2378],{"class":1110},"auth",[1050,2380,1358],{"class":1063},[1050,2382,2383],{"class":1110},"decorators ",[1050,2385,2359],{"class":1511},[1050,2387,2388],{"class":1110}," login_required\n",[1050,2390,2391],{"class":1052,"line":1088},[1050,2392,1700],{"emptyLinePlaceholder":1699},[1050,2394,2395,2398],{"class":1052,"line":1098},[1050,2396,2397],{"class":1063},"@",[1050,2399,2400],{"class":1361},"login_required\n",[1050,2402,2403,2405,2408],{"class":1052,"line":1121},[1050,2404,2397],{"class":1063},[1050,2406,2407],{"class":1361},"csrf_protect",[1050,2409,2410],{"class":1056},"  # Explicitly require CSRF 
protection\n",[1050,2412,2413,2415,2417,2419,2421],{"class":1052,"line":1130},[1050,2414,1481],{"class":1480},[1050,2416,1484],{"class":1361},[1050,2418,1366],{"class":1063},[1050,2420,1490],{"class":1489},[1050,2422,1493],{"class":1063},[1050,2424,2425,2427,2430],{"class":1052,"line":1140},[1050,2426,1499],{"class":1498},[1050,2428,2429],{"class":1502},"Secure money transfer with CSRF protection",[1050,2431,1506],{"class":1498},[1050,2433,2434],{"class":1052,"line":1158},[1050,2435,1161],{"class":1110},[1050,2437,2438,2440,2442,2444,2446,2448,2450,2452,2454],{"class":1052,"line":1164},[1050,2439,1512],{"class":1511},[1050,2441,1515],{"class":1110},[1050,2443,1358],{"class":1063},[1050,2445,1521],{"class":1520},[1050,2447,1525],{"class":1524},[1050,2449,1528],{"class":1184},[1050,2451,1213],{"class":1188},[1050,2453,1369],{"class":1184},[1050,2455,1535],{"class":1063},[1050,2457,2458,2461,2463,2466,2468,2470,2472,2474],{"class":1052,"line":1170},[1050,2459,2460],{"class":1110},"        form ",[1050,2462,1181],{"class":1063},[1050,2464,2465],{"class":1554}," MoneyTransferForm",[1050,2467,1366],{"class":1063},[1050,2469,1490],{"class":1554},[1050,2471,1358],{"class":1063},[1050,2473,1213],{"class":1549},[1050,2475,1566],{"class":1063},[1050,2477,2478],{"class":1052,"line":1232},[1050,2479,1598],{"class":1110},[1050,2481,2482,2485,2488,2490,2493],{"class":1052,"line":1279},[1050,2483,2484],{"class":1511},"        if",[1050,2486,2487],{"class":1110}," form",[1050,2489,1358],{"class":1063},[1050,2491,2492],{"class":1554},"is_valid",[1050,2494,2495],{"class":1063},"():\n",[1050,2497,2498],{"class":1052,"line":1320},[1050,2499,2500],{"class":1056},"            # Additional security checks\n",[1050,2502,2503,2506,2508,2510,2512,2515,2518,2520,2522,2524],{"class":1052,"line":1330},[1050,2504,2505],{"class":1110},"            amount 
",[1050,2507,1181],{"class":1063},[1050,2509,2487],{"class":1110},[1050,2511,1358],{"class":1063},[1050,2513,2514],{"class":1520},"cleaned_data",[1050,2516,2517],{"class":1063},"[",[1050,2519,1369],{"class":1184},[1050,2521,1260],{"class":1188},[1050,2523,1369],{"class":1184},[1050,2525,1823],{"class":1063},[1050,2527,2528,2531,2533,2535,2537,2539,2541,2543,2545,2547],{"class":1052,"line":1335},[1050,2529,2530],{"class":1110},"            to_account ",[1050,2532,1181],{"class":1063},[1050,2534,2487],{"class":1110},[1050,2536,1358],{"class":1063},[1050,2538,2514],{"class":1520},[1050,2540,2517],{"class":1063},[1050,2542,1369],{"class":1184},[1050,2544,1302],{"class":1188},[1050,2546,1369],{"class":1184},[1050,2548,1823],{"class":1063},[1050,2550,2551],{"class":1052,"line":1345},[1050,2552,2553],{"class":1110},"            \n",[1050,2555,2556],{"class":1052,"line":1351},[1050,2557,2558],{"class":1056},"            # Verify user has sufficient funds\n",[1050,2560,2561,2564,2566,2568,2570,2572,2575,2577,2580,2583,2586],{"class":1052,"line":1390},[1050,2562,2563],{"class":1511},"            if",[1050,2565,1515],{"class":1110},[1050,2567,1358],{"class":1063},[1050,2569,1617],{"class":1520},[1050,2571,1358],{"class":1063},[1050,2573,2574],{"class":1520},"account",[1050,2576,1358],{"class":1063},[1050,2578,2579],{"class":1520},"balance",[1050,2581,2582],{"class":1524}," \u003C",[1050,2584,2585],{"class":1110}," amount",[1050,2587,1535],{"class":1063},[1050,2589,2590,2593,2595,2598,2600,2602,2604,2607,2610,2612],{"class":1052,"line":1399},[1050,2591,2592],{"class":1110},"                messages",[1050,2594,1358],{"class":1063},[1050,2596,2597],{"class":1554},"error",[1050,2599,1366],{"class":1063},[1050,2601,1490],{"class":1554},[1050,2603,1639],{"class":1063},[1050,2605,2606],{"class":1184}," \"",[1050,2608,2609],{"class":1188},"Insufficient 
funds",[1050,2611,1185],{"class":1184},[1050,2613,1566],{"class":1063},[1050,2615,2616,2619,2621,2623,2625,2627,2629,2631,2633,2635,2638,2640,2642,2644,2647,2649],{"class":1052,"line":1404},[1050,2617,2618],{"class":1511},"                return",[1050,2620,1679],{"class":1554},[1050,2622,1366],{"class":1063},[1050,2624,1490],{"class":1554},[1050,2626,1639],{"class":1063},[1050,2628,1528],{"class":1184},[1050,2630,1690],{"class":1188},[1050,2632,1369],{"class":1184},[1050,2634,1639],{"class":1063},[1050,2636,2637],{"class":1063}," {",[1050,2639,1369],{"class":1184},[1050,2641,1175],{"class":1188},[1050,2643,1369],{"class":1184},[1050,2645,2646],{"class":1063},":",[1050,2648,2487],{"class":1554},[1050,2650,2651],{"class":1063},"})\n",[1050,2653,2654],{"class":1052,"line":1410},[1050,2655,2553],{"class":1110},[1050,2657,2658],{"class":1052,"line":1444},[1050,2659,2660],{"class":1056},"            # Verify destination account exists\n",[1050,2662,2663,2666],{"class":1052,"line":1453},[1050,2664,2665],{"class":1511},"            try",[1050,2667,1535],{"class":1063},[1050,2669,2670,2673,2675,2678,2680,2683,2685,2687,2689,2692,2694,2696],{"class":1052,"line":1957},[1050,2671,2672],{"class":1110},"                destination ",[1050,2674,1181],{"class":1063},[1050,2676,2677],{"class":1110}," Account",[1050,2679,1358],{"class":1063},[1050,2681,2682],{"class":1520},"objects",[1050,2684,1358],{"class":1063},[1050,2686,1555],{"class":1554},[1050,2688,1366],{"class":1063},[1050,2690,2097],{"class":2691},"sqOPj",[1050,2693,1181],{"class":1063},[1050,2695,1302],{"class":1554},[1050,2697,1566],{"class":1063},[1050,2699,2700,2703,2705,2707,2710],{"class":1052,"line":1968},[1050,2701,2702],{"class":1511},"            
except",[1050,2704,2677],{"class":1110},[1050,2706,1358],{"class":1063},[1050,2708,2709],{"class":1520},"DoesNotExist",[1050,2711,1535],{"class":1063},[1050,2713,2715,2717,2719,2721,2723,2725,2727,2729,2732,2734],{"class":1052,"line":2714},27,[1050,2716,2592],{"class":1110},[1050,2718,1358],{"class":1063},[1050,2720,2597],{"class":1554},[1050,2722,1366],{"class":1063},[1050,2724,1490],{"class":1554},[1050,2726,1639],{"class":1063},[1050,2728,2606],{"class":1184},[1050,2730,2731],{"class":1188},"Invalid destination account",[1050,2733,1185],{"class":1184},[1050,2735,1566],{"class":1063},[1050,2737,2739,2741,2743,2745,2747,2749,2751,2753,2755,2757,2759,2761,2763,2765,2767,2769],{"class":1052,"line":2738},28,[1050,2740,2618],{"class":1511},[1050,2742,1679],{"class":1554},[1050,2744,1366],{"class":1063},[1050,2746,1490],{"class":1554},[1050,2748,1639],{"class":1063},[1050,2750,1528],{"class":1184},[1050,2752,1690],{"class":1188},[1050,2754,1369],{"class":1184},[1050,2756,1639],{"class":1063},[1050,2758,2637],{"class":1063},[1050,2760,1369],{"class":1184},[1050,2762,1175],{"class":1188},[1050,2764,1369],{"class":1184},[1050,2766,2646],{"class":1063},[1050,2768,2487],{"class":1554},[1050,2770,2651],{"class":1063},[1050,2772,2774],{"class":1052,"line":2773},29,[1050,2775,2553],{"class":1110},[1050,2777,2779],{"class":1052,"line":2778},30,[1050,2780,2781],{"class":1056},"            # Perform transfer\n",[1050,2783,2785,2787],{"class":1052,"line":2784},31,[1050,2786,2665],{"class":1511},[1050,2788,1535],{"class":1063},[1050,2790,2792,2795,2797,2799,2801,2803,2805,2807,2809,2811,2813,2816],{"class":1052,"line":2791},32,[1050,2793,2794],{"class":1110},"                
request",[1050,2796,1358],{"class":1063},[1050,2798,1617],{"class":1520},[1050,2800,1358],{"class":1063},[1050,2802,2574],{"class":1520},[1050,2804,1358],{"class":1063},[1050,2806,1632],{"class":1554},[1050,2808,1366],{"class":1063},[1050,2810,1260],{"class":1554},[1050,2812,1639],{"class":1063},[1050,2814,2815],{"class":1554}," destination",[1050,2817,1566],{"class":1063},[1050,2819,2821,2823,2825,2828,2830,2832,2834,2837,2840,2844,2846,2849,2851],{"class":1052,"line":2820},33,[1050,2822,2592],{"class":1110},[1050,2824,1358],{"class":1063},[1050,2826,2827],{"class":1554},"success",[1050,2829,1366],{"class":1063},[1050,2831,1490],{"class":1554},[1050,2833,1639],{"class":1063},[1050,2835,2836],{"class":1480}," f",[1050,2838,2839],{"class":1188},"\"Successfully transferred $",[1050,2841,2843],{"class":2842},"s3h35","{",[1050,2845,1260],{"class":1554},[1050,2847,2848],{"class":2842},"}",[1050,2850,1185],{"class":1188},[1050,2852,1566],{"class":1063},[1050,2854,2856],{"class":1052,"line":2855},34,[1050,2857,2858],{"class":1110},"                \n",[1050,2860,2862],{"class":1052,"line":2861},35,[1050,2863,2864],{"class":1056},"                # Log the transaction for audit\n",[1050,2866,2868,2871,2873,2876,2878,2881,2884,2886,2888,2890,2892,2894,2897,2899,2902,2904,2906,2908,2911,2913,2915,2917,2919],{"class":1052,"line":2867},36,[1050,2869,2870],{"class":1110},"                logger",[1050,2872,1358],{"class":1063},[1050,2874,2875],{"class":1554},"info",[1050,2877,1366],{"class":1063},[1050,2879,2880],{"class":1480},"f",[1050,2882,2883],{"class":1188},"\"Money transfer: ",[1050,2885,2843],{"class":2842},[1050,2887,1490],{"class":1554},[1050,2889,1358],{"class":1063},[1050,2891,1617],{"class":1520},[1050,2893,1358],{"class":1063},[1050,2895,2896],{"class":1520},"username",[1050,2898,2848],{"class":2842},[1050,2900,2901],{"class":1188}," -> 
",[1050,2903,2843],{"class":2842},[1050,2905,1302],{"class":1554},[1050,2907,2848],{"class":2842},[1050,2909,2910],{"class":1188},", Amount: $",[1050,2912,2843],{"class":2842},[1050,2914,1260],{"class":1554},[1050,2916,2848],{"class":2842},[1050,2918,1185],{"class":1188},[1050,2920,1566],{"class":1063},[1050,2922,2924],{"class":1052,"line":2923},37,[1050,2925,2858],{"class":1110},[1050,2927,2929,2931,2934,2936,2938,2941,2943],{"class":1052,"line":2928},38,[1050,2930,2618],{"class":1511},[1050,2932,2933],{"class":1554}," redirect",[1050,2935,1366],{"class":1063},[1050,2937,1369],{"class":1184},[1050,2939,2940],{"class":1188},"account_dashboard",[1050,2942,1369],{"class":1184},[1050,2944,1566],{"class":1063},[1050,2946,2948],{"class":1052,"line":2947},39,[1050,2949,2858],{"class":1110},[1050,2951,2953,2955,2958,2961,2964],{"class":1052,"line":2952},40,[1050,2954,2702],{"class":1511},[1050,2956,2957],{"class":1110}," TransferError ",[1050,2959,2960],{"class":1511},"as",[1050,2962,2963],{"class":1110}," e",[1050,2965,1535],{"class":1063},[1050,2967,2969,2971,2973,2975,2977,2979,2981,2983,2986,2988,2992,2994,2997,2999,3001,3003],{"class":1052,"line":2968},41,[1050,2970,2592],{"class":1110},[1050,2972,1358],{"class":1063},[1050,2974,2597],{"class":1554},[1050,2976,1366],{"class":1063},[1050,2978,1490],{"class":1554},[1050,2980,1639],{"class":1063},[1050,2982,2836],{"class":1480},[1050,2984,2985],{"class":1188},"\"Transfer failed: ",[1050,2987,2843],{"class":2842},[1050,2989,2991],{"class":2990},"sa2tF","str",[1050,2993,1366],{"class":1063},[1050,2995,2996],{"class":1554},"e",[1050,2998,1376],{"class":1063},[1050,3000,2848],{"class":2842},[1050,3002,1185],{"class":1188},[1050,3004,1566],{"class":1063},[1050,3006,3008],{"class":1052,"line":3007},42,[1050,3009,1598],{"class":1110},[1050,3011,3013,3016],{"class":1052,"line":3012},43,[1050,3014,3015],{"class":1511},"        
else",[1050,3017,1535],{"class":1063},[1050,3019,3021,3024,3026,3028,3030,3032,3034,3036,3039,3041],{"class":1052,"line":3020},44,[1050,3022,3023],{"class":1110},"            messages",[1050,3025,1358],{"class":1063},[1050,3027,2597],{"class":1554},[1050,3029,1366],{"class":1063},[1050,3031,1490],{"class":1554},[1050,3033,1639],{"class":1063},[1050,3035,2606],{"class":1184},[1050,3037,3038],{"class":1188},"Please correct the errors below",[1050,3040,1185],{"class":1184},[1050,3042,1566],{"class":1063},[1050,3044,3046],{"class":1052,"line":3045},45,[1050,3047,1161],{"class":1110},[1050,3049,3051,3054],{"class":1052,"line":3050},46,[1050,3052,3053],{"class":1511},"    else",[1050,3055,1535],{"class":1063},[1050,3057,3059,3061,3063,3065],{"class":1052,"line":3058},47,[1050,3060,2460],{"class":1110},[1050,3062,1181],{"class":1063},[1050,3064,2465],{"class":1554},[1050,3066,3067],{"class":1063},"()\n",[1050,3069,3071],{"class":1052,"line":3070},48,[1050,3072,1161],{"class":1110},[1050,3074,3076,3078,3080,3082,3084,3086,3088,3090,3092,3094,3096,3098,3100,3102,3104,3106],{"class":1052,"line":3075},49,[1050,3077,1676],{"class":1511},[1050,3079,1679],{"class":1554},[1050,3081,1366],{"class":1063},[1050,3083,1490],{"class":1554},[1050,3085,1639],{"class":1063},[1050,3087,1528],{"class":1184},[1050,3089,1690],{"class":1188},[1050,3091,1369],{"class":1184},[1050,3093,1639],{"class":1063},[1050,3095,2637],{"class":1063},[1050,3097,1369],{"class":1184},[1050,3099,1175],{"class":1188},[1050,3101,1369],{"class":1184},[1050,3103,2646],{"class":1063},[1050,3105,2487],{"class":1554},[1050,3107,2651],{"class":1063},[1050,3109,3111],{"class":1052,"line":3110},50,[1050,3112,1700],{"emptyLinePlaceholder":1699},[1050,3114,3116],{"class":1052,"line":3115},51,[1050,3117,3118],{"class":1056},"# Class-based view with CSRF 
protection\n",[1050,3120,3122,3124,3126,3128,3130,3132,3135,3137],{"class":1052,"line":3121},52,[1050,3123,2338],{"class":1511},[1050,3125,2341],{"class":1110},[1050,3127,1358],{"class":1063},[1050,3129,2346],{"class":1110},[1050,3131,1358],{"class":1063},[1050,3133,3134],{"class":1110},"generic ",[1050,3136,2359],{"class":1511},[1050,3138,3139],{"class":1110}," FormView\n",[1050,3141,3143,3145,3147,3149,3151,3153,3155,3157,3160,3162],{"class":1052,"line":3142},53,[1050,3144,2338],{"class":1511},[1050,3146,2341],{"class":1110},[1050,3148,1358],{"class":1063},[1050,3150,2373],{"class":1110},[1050,3152,1358],{"class":1063},[1050,3154,2378],{"class":1110},[1050,3156,1358],{"class":1063},[1050,3158,3159],{"class":1110},"mixins ",[1050,3161,2359],{"class":1511},[1050,3163,3164],{"class":1110}," LoginRequiredMixin\n",[1050,3166,3168],{"class":1052,"line":3167},54,[1050,3169,1700],{"emptyLinePlaceholder":1699},[1050,3171,3173,3176,3180,3182,3186,3188,3191],{"class":1052,"line":3172},55,[1050,3174,3175],{"class":1480},"class",[1050,3177,3179],{"class":3178},"sD-vU"," MoneyTransferView",[1050,3181,1366],{"class":1063},[1050,3183,3185],{"class":3184},"sYn-s","LoginRequiredMixin",[1050,3187,1639],{"class":1063},[1050,3189,3190],{"class":3184}," FormView",[1050,3192,1493],{"class":1063},[1050,3194,3196,3198,3201],{"class":1052,"line":3195},56,[1050,3197,1499],{"class":1498},[1050,3199,3200],{"class":1502},"Secure money transfer view",[1050,3202,1506],{"class":1498},[1050,3204,3206,3209,3211,3213,3215],{"class":1052,"line":3205},57,[1050,3207,3208],{"class":1110},"    template_name ",[1050,3210,1181],{"class":1063},[1050,3212,1528],{"class":1184},[1050,3214,1690],{"class":1188},[1050,3216,1885],{"class":1184},[1050,3218,3220,3223,3225],{"class":1052,"line":3219},58,[1050,3221,3222],{"class":1110},"    form_class ",[1050,3224,1181],{"class":1063},[1050,3226,3227],{"class":1110}," 
MoneyTransferForm\n",[1050,3229,3231,3234,3236,3238,3241],{"class":1052,"line":3230},59,[1050,3232,3233],{"class":1110},"    success_url ",[1050,3235,1181],{"class":1063},[1050,3237,1528],{"class":1184},[1050,3239,3240],{"class":1188},"/account/dashboard/",[1050,3242,1885],{"class":1184},[1050,3244,3246],{"class":1052,"line":3245},60,[1050,3247,1161],{"class":1110},[1050,3249,3251,3254,3257,3259,3263,3265,3267],{"class":1052,"line":3250},61,[1050,3252,3253],{"class":1480},"    def",[1050,3255,3256],{"class":1361}," form_valid",[1050,3258,1366],{"class":1063},[1050,3260,3262],{"class":3261},"sRjD_","self",[1050,3264,1639],{"class":1063},[1050,3266,2487],{"class":1489},[1050,3268,1493],{"class":1063},[1050,3270,3272,3275,3278],{"class":1052,"line":3271},62,[1050,3273,3274],{"class":1498},"        \"\"\"",[1050,3276,3277],{"class":1502},"Process valid form with additional security checks",[1050,3279,1506],{"class":1498},[1050,3281,3283,3285,3287,3289,3291,3293,3295,3297,3299,3301],{"class":1052,"line":3282},63,[1050,3284,1540],{"class":1110},[1050,3286,1181],{"class":1063},[1050,3288,2487],{"class":1110},[1050,3290,1358],{"class":1063},[1050,3292,2514],{"class":1520},[1050,3294,2517],{"class":1063},[1050,3296,1369],{"class":1184},[1050,3298,1260],{"class":1188},[1050,3300,1369],{"class":1184},[1050,3302,1823],{"class":1063},[1050,3304,3306,3308,3310,3312,3314,3316,3318,3320,3322,3324],{"class":1052,"line":3305},64,[1050,3307,1571],{"class":1110},[1050,3309,1181],{"class":1063},[1050,3311,2487],{"class":1110},[1050,3313,1358],{"class":1063},[1050,3315,2514],{"class":1520},[1050,3317,2517],{"class":1063},[1050,3319,1369],{"class":1184},[1050,3321,1302],{"class":1188},[1050,3323,1369],{"class":1184},[1050,3325,1823],{"class":1063},[1050,3327,3329],{"class":1052,"line":3328},65,[1050,3330,1598],{"class":1110},[1050,3332,3334],{"class":1052,"line":3333},66,[1050,3335,3336],{"class":1056},"        # Security 
validations\n",[1050,3338,3340,3342,3345,3348,3350,3353,3355,3357,3359,3361],{"class":1052,"line":3339},67,[1050,3341,2484],{"class":1511},[1050,3343,3344],{"class":1524}," not",[1050,3346,3347],{"class":1791}," self",[1050,3349,1358],{"class":1063},[1050,3351,3352],{"class":1554},"validate_transfer",[1050,3354,1366],{"class":1063},[1050,3356,1260],{"class":1554},[1050,3358,1639],{"class":1063},[1050,3360,1642],{"class":1554},[1050,3362,1493],{"class":1063},[1050,3364,3366,3369,3371,3373,3376,3378,3380],{"class":1052,"line":3365},68,[1050,3367,3368],{"class":1511},"            return",[1050,3370,3347],{"class":1791},[1050,3372,1358],{"class":1063},[1050,3374,3375],{"class":1554},"form_invalid",[1050,3377,1366],{"class":1063},[1050,3379,1175],{"class":1554},[1050,3381,1566],{"class":1063},[1050,3383,3385],{"class":1052,"line":3384},69,[1050,3386,1598],{"class":1110},[1050,3388,3390],{"class":1052,"line":3389},70,[1050,3391,3392],{"class":1056},"        # Perform transfer\n",[1050,3394,3396,3399],{"class":1052,"line":3395},71,[1050,3397,3398],{"class":1511},"        try",[1050,3400,1535],{"class":1063},[1050,3402,3404,3407,3409,3411,3413,3415,3417,3419,3421,3423,3425,3427,3429,3431],{"class":1052,"line":3403},72,[1050,3405,3406],{"class":1791},"            
self",[1050,3408,1358],{"class":1063},[1050,3410,1490],{"class":1520},[1050,3412,1358],{"class":1063},[1050,3414,1617],{"class":1520},[1050,3416,1358],{"class":1063},[1050,3418,2574],{"class":1520},[1050,3420,1358],{"class":1063},[1050,3422,1632],{"class":1554},[1050,3424,1366],{"class":1063},[1050,3426,1260],{"class":1554},[1050,3428,1639],{"class":1063},[1050,3430,1642],{"class":1554},[1050,3432,1566],{"class":1063},[1050,3434,3436,3438,3440,3442,3444,3446,3448,3450,3452,3454,3456,3458,3460,3462,3464],{"class":1052,"line":3435},73,[1050,3437,3023],{"class":1110},[1050,3439,1358],{"class":1063},[1050,3441,2827],{"class":1554},[1050,3443,1366],{"class":1063},[1050,3445,3262],{"class":1791},[1050,3447,1358],{"class":1063},[1050,3449,1490],{"class":1520},[1050,3451,1639],{"class":1063},[1050,3453,2836],{"class":1480},[1050,3455,2839],{"class":1188},[1050,3457,2843],{"class":2842},[1050,3459,1260],{"class":1554},[1050,3461,2848],{"class":2842},[1050,3463,1185],{"class":1188},[1050,3465,1566],{"class":1063},[1050,3467,3469,3471,3474,3477,3480,3482,3484],{"class":1052,"line":3468},74,[1050,3470,3368],{"class":1511},[1050,3472,3473],{"class":2990}," super",[1050,3475,3476],{"class":1063},"().",[1050,3478,3479],{"class":1554},"form_valid",[1050,3481,1366],{"class":1063},[1050,3483,1175],{"class":1554},[1050,3485,1566],{"class":1063},[1050,3487,3489],{"class":1052,"line":3488},75,[1050,3490,2553],{"class":1110},[1050,3492,3494,3497,3499,3501,3503],{"class":1052,"line":3493},76,[1050,3495,3496],{"class":1511},"        except",[1050,3498,2957],{"class":1110},[1050,3500,2960],{"class":1511},[1050,3502,2963],{"class":1110},[1050,3504,1535],{"class":1063},[1050,3506,3508,3511,3513,3516,3518,3521,3523,3525,3527,3529,3531,3533,3535,3537,3539,3541],{"class":1052,"line":3507},77,[1050,3509,3510],{"class":1110},"            
form",[1050,3512,1358],{"class":1063},[1050,3514,3515],{"class":1554},"add_error",[1050,3517,1366],{"class":1063},[1050,3519,3520],{"class":1856},"None",[1050,3522,1639],{"class":1063},[1050,3524,2836],{"class":1480},[1050,3526,2985],{"class":1188},[1050,3528,2843],{"class":2842},[1050,3530,2991],{"class":2990},[1050,3532,1366],{"class":1063},[1050,3534,2996],{"class":1554},[1050,3536,1376],{"class":1063},[1050,3538,2848],{"class":2842},[1050,3540,1185],{"class":1188},[1050,3542,1566],{"class":1063},[1050,3544,3546,3548,3550,3552,3554,3556,3558],{"class":1052,"line":3545},78,[1050,3547,3368],{"class":1511},[1050,3549,3347],{"class":1791},[1050,3551,1358],{"class":1063},[1050,3553,3375],{"class":1554},[1050,3555,1366],{"class":1063},[1050,3557,1175],{"class":1554},[1050,3559,1566],{"class":1063},[1050,3561,3563],{"class":1052,"line":3562},79,[1050,3564,1161],{"class":1110},[1050,3566,3568,3570,3573,3575,3577,3579,3581,3583,3585],{"class":1052,"line":3567},80,[1050,3569,3253],{"class":1480},[1050,3571,3572],{"class":1361}," validate_transfer",[1050,3574,1366],{"class":1063},[1050,3576,3262],{"class":3261},[1050,3578,1639],{"class":1063},[1050,3580,2585],{"class":1489},[1050,3582,1639],{"class":1063},[1050,3584,1642],{"class":1489},[1050,3586,1493],{"class":1063},[1050,3588,3590,3592,3595],{"class":1052,"line":3589},81,[1050,3591,3274],{"class":1498},[1050,3593,3594],{"class":1502},"Additional transfer validation",[1050,3596,1506],{"class":1498},[1050,3598,3600],{"class":1052,"line":3599},82,[1050,3601,3602],{"class":1056},"        # Check daily transfer limit\n",[1050,3604,3606,3609,3611,3613,3615,3617,3619,3621,3623,3625,3627,3630],{"class":1052,"line":3605},83,[1050,3607,3608],{"class":1110},"        daily_total 
",[1050,3610,1181],{"class":1063},[1050,3612,3347],{"class":1791},[1050,3614,1358],{"class":1063},[1050,3616,1490],{"class":1520},[1050,3618,1358],{"class":1063},[1050,3620,1617],{"class":1520},[1050,3622,1358],{"class":1063},[1050,3624,2574],{"class":1520},[1050,3626,1358],{"class":1063},[1050,3628,3629],{"class":1554},"get_daily_transfer_total",[1050,3631,3067],{"class":1063},[1050,3633,3635,3637,3640,3643,3646,3648,3651,3653],{"class":1052,"line":3634},84,[1050,3636,2484],{"class":1511},[1050,3638,3639],{"class":1110}," daily_total ",[1050,3641,3642],{"class":1524},"+",[1050,3644,3645],{"class":1110}," amount ",[1050,3647,1107],{"class":1524},[1050,3649,3650],{"class":1842}," 5000",[1050,3652,2646],{"class":1063},[1050,3654,3655],{"class":1056},"  # $5000 daily limit\n",[1050,3657,3659,3661,3663,3665,3667,3669,3671,3673,3675,3677,3680,3682],{"class":1052,"line":3658},85,[1050,3660,3023],{"class":1110},[1050,3662,1358],{"class":1063},[1050,3664,2597],{"class":1554},[1050,3666,1366],{"class":1063},[1050,3668,3262],{"class":1791},[1050,3670,1358],{"class":1063},[1050,3672,1490],{"class":1520},[1050,3674,1639],{"class":1063},[1050,3676,2606],{"class":1184},[1050,3678,3679],{"class":1188},"Daily transfer limit exceeded",[1050,3681,1185],{"class":1184},[1050,3683,1566],{"class":1063},[1050,3685,3687,3689],{"class":1052,"line":3686},86,[1050,3688,3368],{"class":1511},[1050,3690,1976],{"class":1856},[1050,3692,3694],{"class":1052,"line":3693},87,[1050,3695,1598],{"class":1110},[1050,3697,3699,3701],{"class":1052,"line":3698},88,[1050,3700,1653],{"class":1511},[1050,3702,3703],{"class":1856}," True\n",[1030,3705,3707],{"id":3706},"ajax-and-csrf-protection","AJAX and CSRF Protection",[1035,3709,3711],{"id":3710},"csrf-with-javascriptajax","CSRF with JavaScript/AJAX",[1040,3713,3717],{"className":3714,"code":3715,"language":3716,"meta":1045,"style":1045},"language-javascript shiki shiki-themes material-theme-lighter vitesse-light vitesse-dark","// static/js/csrf.js - CSRF 
token handling for AJAX (cookie lookup requires CSRF_COOKIE_HTTPONLY and CSRF_USE_SESSIONS to be False; otherwise read the token from the DOM)\nfunction getCookie(name) {\n    let cookieValue = null;\n    if (document.cookie && document.cookie !== '') {\n        const cookies = document.cookie.split(';');\n        for (let i = 0; i \u003C cookies.length; i++) {\n            const cookie = cookies[i].trim();\n            if (cookie.substring(0, name.length + 1) === (name + '=')) {\n                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\n                break;\n            }\n        }\n    }\n    return cookieValue;\n}\n\n// Get CSRF token\nconst csrftoken = getCookie('csrftoken');\n\n// Method 1: Include CSRF token in AJAX headers\nfunction csrfSafeMethod(method) {\n    // These HTTP methods do not require CSRF protection\n    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));\n}\n\n$.ajaxSetup({\n    beforeSend: function(xhr, settings) {\n        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {\n            xhr.setRequestHeader(\"X-CSRFToken\", csrftoken);\n        }\n    }\n});\n\n// Method 2: Include CSRF token in form data\nfunction transferMoney(amount, toAccount) {\n    $.ajax({\n        url: '/transfer-money/',\n        type: 'POST',\n        data: {\n            'amount': amount,\n            'to_account': toAccount,\n            'csrfmiddlewaretoken': csrftoken  // Include token in data\n        },\n        success: function(response) {\n            alert('Transfer successful!');\n        },\n        error: function(xhr, status, error) {\n            alert('Transfer failed: ' + error);\n        }\n    });\n}\n\n// Method 3: Using fetch API with CSRF token\nasync function transferMoneyFetch(amount, toAccount) {\n    try {\n        const response = await fetch('/transfer-money/', {\n            method: 'POST',\n            headers: {\n                'Content-Type': 'application/x-www-form-urlencoded',\n                'X-CSRFToken': csrftoken,\n            },\n            body: new URLSearchParams({\n                'amount': 
amount,\n                'to_account': toAccount,\n            })\n        });\n        \n        if (response.ok) {\n            const result = await response.json();\n            alert('Transfer successful!');\n        } else {\n            throw new Error('Transfer failed');\n        }\n    } catch (error) {\n        alert('Transfer failed: ' + error.message);\n    }\n}\n","javascript",[1047,3718,3719,3724,3742,3757,3793,3827,3870,3899,3953,3987,3994,3999,4004,4009,4017,4022,4026,4031,4055,4059,4064,4079,4084,4137,4141,4145,4159,4183,4225,4252,4256,4260,4268,4272,4277,4297,4311,4329,4344,4353,4369,4383,4398,4403,4421,4439,4443,4470,4491,4495,4504,4508,4512,4517,4539,4546,4573,4588,4597,4618,4632,4637,4654,4668,4682,4689,4698,4702,4719,4741,4757,4766,4789,4793,4808,4834,4838],{"__ignoreMap":1045},[1050,3720,3721],{"class":1052,"line":1053},[1050,3722,3723],{"class":1056},"// static/js/csrf.js - CSRF token handling for AJAX (cookie lookup requires CSRF_COOKIE_HTTPONLY and CSRF_USE_SESSIONS to be False; otherwise read the token from the DOM)\n",[1050,3725,3726,3729,3732,3734,3737,3739],{"class":1052,"line":1060},[1050,3727,3728],{"class":1480},"function",[1050,3730,3731],{"class":1361}," getCookie",[1050,3733,1366],{"class":1063},[1050,3735,3736],{"class":2691},"name",[1050,3738,1376],{"class":1063},[1050,3740,3741],{"class":1063}," {\n",[1050,3743,3744,3747,3750,3752,3755],{"class":1052,"line":1078},[1050,3745,3746],{"class":1480},"    let",[1050,3748,3749],{"class":1354}," cookieValue",[1050,3751,1795],{"class":1063},[1050,3753,3754],{"class":1524}," null",[1050,3756,1387],{"class":1063},[1050,3758,3759,3761,3765,3768,3770,3773,3776,3779,3781,3783,3786,3789,3791],{"class":1052,"line":1088},[1050,3760,1512],{"class":1511},[1050,3762,3764],{"class":3763},"sLdnO"," (",[1050,3766,3767],{"class":1354},"document",[1050,3769,1358],{"class":1063},[1050,3771,3772],{"class":1354},"cookie",[1050,3774,3775],{"class":1524}," &&",[1050,3777,3778],{"class":1354}," document",[1050,3780,1358],{"class":1063},[1050,3782,3772],{"class":1354},[1050,3784,3785],{"class":1524}," 
!==",[1050,3787,3788],{"class":1184}," ''",[1050,3790,1376],{"class":3763},[1050,3792,3741],{"class":1063},[1050,3794,3795,3798,3801,3803,3805,3807,3809,3811,3814,3816,3818,3821,3823,3825],{"class":1052,"line":1098},[1050,3796,3797],{"class":1480},"        const",[1050,3799,3800],{"class":1354}," cookies",[1050,3802,1795],{"class":1063},[1050,3804,3778],{"class":1354},[1050,3806,1358],{"class":1063},[1050,3808,3772],{"class":1354},[1050,3810,1358],{"class":1063},[1050,3812,3813],{"class":1361},"split",[1050,3815,1366],{"class":3763},[1050,3817,1369],{"class":1184},[1050,3819,3820],{"class":1188},";",[1050,3822,1369],{"class":1184},[1050,3824,1376],{"class":3763},[1050,3826,1387],{"class":1063},[1050,3828,3829,3832,3834,3837,3840,3842,3845,3847,3849,3851,3853,3855,3859,3861,3863,3866,3868],{"class":1052,"line":1121},[1050,3830,3831],{"class":1511},"        for",[1050,3833,3764],{"class":3763},[1050,3835,3836],{"class":1480},"let",[1050,3838,3839],{"class":1354}," i",[1050,3841,1795],{"class":1063},[1050,3843,3844],{"class":1842}," 0",[1050,3846,3820],{"class":1063},[1050,3848,3839],{"class":1354},[1050,3850,2582],{"class":1063},[1050,3852,3800],{"class":1354},[1050,3854,1358],{"class":1063},[1050,3856,3858],{"class":3857},"s131V","length",[1050,3860,3820],{"class":1063},[1050,3862,3839],{"class":1354},[1050,3864,3865],{"class":1524},"++",[1050,3867,1376],{"class":3763},[1050,3869,3741],{"class":1063},[1050,3871,3872,3875,3878,3880,3882,3884,3887,3890,3892,3895,3897],{"class":1052,"line":1130},[1050,3873,3874],{"class":1480},"            const",[1050,3876,3877],{"class":1354}," 
cookie",[1050,3879,1795],{"class":1063},[1050,3881,3800],{"class":1354},[1050,3883,2517],{"class":3763},[1050,3885,3886],{"class":1354},"i",[1050,3888,3889],{"class":3763},"]",[1050,3891,1358],{"class":1063},[1050,3893,3894],{"class":1361},"trim",[1050,3896,1384],{"class":3763},[1050,3898,1387],{"class":1063},[1050,3900,3901,3903,3905,3907,3909,3912,3914,3917,3919,3921,3923,3925,3928,3931,3933,3936,3938,3940,3942,3944,3946,3948,3951],{"class":1052,"line":1140},[1050,3902,2563],{"class":1511},[1050,3904,3764],{"class":3763},[1050,3906,3772],{"class":1354},[1050,3908,1358],{"class":1063},[1050,3910,3911],{"class":1361},"substring",[1050,3913,1366],{"class":3763},[1050,3915,3916],{"class":1842},"0",[1050,3918,1639],{"class":1063},[1050,3920,1253],{"class":1354},[1050,3922,1358],{"class":1063},[1050,3924,3858],{"class":3857},[1050,3926,3927],{"class":1524}," +",[1050,3929,3930],{"class":1842}," 1",[1050,3932,1376],{"class":3763},[1050,3934,3935],{"class":1524}," ===",[1050,3937,3764],{"class":3763},[1050,3939,3736],{"class":1354},[1050,3941,3927],{"class":1524},[1050,3943,1528],{"class":1184},[1050,3945,1181],{"class":1188},[1050,3947,1369],{"class":1184},[1050,3949,3950],{"class":3763},"))",[1050,3952,3741],{"class":1063},[1050,3954,3955,3958,3960,3963,3965,3967,3969,3971,3973,3975,3977,3979,3981,3983,3985],{"class":1052,"line":1158},[1050,3956,3957],{"class":1354},"                cookieValue",[1050,3959,1795],{"class":1063},[1050,3961,3962],{"class":1361}," decodeURIComponent",[1050,3964,1366],{"class":3763},[1050,3966,3772],{"class":1354},[1050,3968,1358],{"class":1063},[1050,3970,3911],{"class":1361},[1050,3972,1366],{"class":3763},[1050,3974,3736],{"class":1354},[1050,3976,1358],{"class":1063},[1050,3978,3858],{"class":3857},[1050,3980,3927],{"class":1524},[1050,3982,3930],{"class":1842},[1050,3984,3950],{"class":3763},[1050,3986,1387],{"class":1063},[1050,3988,3989,3992],{"class":1052,"line":1164},[1050,3990,3991],{"class":1511},"                
break",[1050,3993,1387],{"class":1063},[1050,3995,3996],{"class":1052,"line":1170},[1050,3997,3998],{"class":1063},"            }\n",[1050,4000,4001],{"class":1052,"line":1232},[1050,4002,4003],{"class":1063},"        }\n",[1050,4005,4006],{"class":1052,"line":1279},[1050,4007,4008],{"class":1063},"    }\n",[1050,4010,4011,4013,4015],{"class":1052,"line":1320},[1050,4012,1676],{"class":1511},[1050,4014,3749],{"class":1354},[1050,4016,1387],{"class":1063},[1050,4018,4019],{"class":1052,"line":1330},[1050,4020,4021],{"class":1063},"}\n",[1050,4023,4024],{"class":1052,"line":1335},[1050,4025,1700],{"emptyLinePlaceholder":1699},[1050,4027,4028],{"class":1052,"line":1345},[1050,4029,4030],{"class":1056},"// Get CSRF token\n",[1050,4032,4033,4036,4039,4041,4043,4045,4047,4049,4051,4053],{"class":1052,"line":1351},[1050,4034,4035],{"class":1480},"const",[1050,4037,4038],{"class":1354}," csrftoken",[1050,4040,1795],{"class":1063},[1050,4042,3731],{"class":1361},[1050,4044,1366],{"class":1365},[1050,4046,1369],{"class":1184},[1050,4048,1882],{"class":1188},[1050,4050,1369],{"class":1184},[1050,4052,1376],{"class":1365},[1050,4054,1387],{"class":1063},[1050,4056,4057],{"class":1052,"line":1390},[1050,4058,1700],{"emptyLinePlaceholder":1699},[1050,4060,4061],{"class":1052,"line":1399},[1050,4062,4063],{"class":1056},"// Method 1: Include CSRF token in AJAX headers\n",[1050,4065,4066,4068,4071,4073,4075,4077],{"class":1052,"line":1404},[1050,4067,3728],{"class":1480},[1050,4069,4070],{"class":1361}," csrfSafeMethod",[1050,4072,1366],{"class":1063},[1050,4074,1521],{"class":2691},[1050,4076,1376],{"class":1063},[1050,4078,3741],{"class":1063},[1050,4080,4081],{"class":1052,"line":1410},[1050,4082,4083],{"class":1056},"    // These HTTP methods do not require CSRF 
protection\n",[1050,4085,4086,4088,4090,4092,4095,4097,4101,4104,4107,4109,4112,4114,4117,4119,4122,4124,4126,4129,4131,4133,4135],{"class":1052,"line":1444},[1050,4087,1676],{"class":1511},[1050,4089,3764],{"class":3763},[1050,4091,1897],{"class":1184},[1050,4093,4094],{"class":1511},"^",[1050,4096,1366],{"class":1063},[1050,4098,4100],{"class":4099},"s27EL","GET",[1050,4102,4103],{"class":1524},"|",[1050,4105,4106],{"class":4099},"HEAD",[1050,4108,4103],{"class":1524},[1050,4110,4111],{"class":4099},"OPTIONS",[1050,4113,4103],{"class":1524},[1050,4115,4116],{"class":4099},"TRACE",[1050,4118,1376],{"class":1063},[1050,4120,4121],{"class":1511},"$",[1050,4123,1897],{"class":1184},[1050,4125,1358],{"class":1063},[1050,4127,4128],{"class":1361},"test",[1050,4130,1366],{"class":3763},[1050,4132,1521],{"class":1354},[1050,4134,3950],{"class":3763},[1050,4136,1387],{"class":1063},[1050,4138,4139],{"class":1052,"line":1453},[1050,4140,4021],{"class":1063},[1050,4142,4143],{"class":1052,"line":1957},[1050,4144,1700],{"emptyLinePlaceholder":1699},[1050,4146,4147,4149,4151,4154,4156],{"class":1052,"line":1968},[1050,4148,4121],{"class":1354},[1050,4150,1358],{"class":1063},[1050,4152,4153],{"class":1361},"ajaxSetup",[1050,4155,1366],{"class":1365},[1050,4157,4158],{"class":1063},"{\n",[1050,4160,4161,4164,4166,4169,4171,4174,4176,4179,4181],{"class":1052,"line":2714},[1050,4162,4163],{"class":1361},"    beforeSend",[1050,4165,2646],{"class":1063},[1050,4167,4168],{"class":1480}," function",[1050,4170,1366],{"class":1063},[1050,4172,4173],{"class":2691},"xhr",[1050,4175,1639],{"class":1063},[1050,4177,4178],{"class":2691}," 
settings",[1050,4180,1376],{"class":1063},[1050,4182,3741],{"class":1063},[1050,4184,4185,4187,4189,4192,4195,4197,4200,4202,4205,4207,4209,4212,4216,4218,4221,4223],{"class":1052,"line":2738},[1050,4186,2484],{"class":1511},[1050,4188,3764],{"class":3763},[1050,4190,4191],{"class":1524},"!",[1050,4193,4194],{"class":1361},"csrfSafeMethod",[1050,4196,1366],{"class":3763},[1050,4198,4199],{"class":1354},"settings",[1050,4201,1358],{"class":1063},[1050,4203,4204],{"class":1354},"type",[1050,4206,1376],{"class":3763},[1050,4208,3775],{"class":1524},[1050,4210,4211],{"class":1524}," !",[1050,4213,4215],{"class":4214},"sETVe","this",[1050,4217,1358],{"class":1063},[1050,4219,4220],{"class":1354},"crossDomain",[1050,4222,1376],{"class":3763},[1050,4224,3741],{"class":1063},[1050,4226,4227,4230,4232,4235,4237,4239,4242,4244,4246,4248,4250],{"class":1052,"line":2773},[1050,4228,4229],{"class":1354},"            xhr",[1050,4231,1358],{"class":1063},[1050,4233,4234],{"class":1361},"setRequestHeader",[1050,4236,1366],{"class":3763},[1050,4238,1185],{"class":1184},[1050,4240,4241],{"class":1188},"X-CSRFToken",[1050,4243,1185],{"class":1184},[1050,4245,1639],{"class":1063},[1050,4247,4038],{"class":1354},[1050,4249,1376],{"class":3763},[1050,4251,1387],{"class":1063},[1050,4253,4254],{"class":1052,"line":2778},[1050,4255,4003],{"class":1063},[1050,4257,4258],{"class":1052,"line":2784},[1050,4259,4008],{"class":1063},[1050,4261,4262,4264,4266],{"class":1052,"line":2791},[1050,4263,2848],{"class":1063},[1050,4265,1376],{"class":1365},[1050,4267,1387],{"class":1063},[1050,4269,4270],{"class":1052,"line":2820},[1050,4271,1700],{"emptyLinePlaceholder":1699},[1050,4273,4274],{"class":1052,"line":2855},[1050,4275,4276],{"class":1056},"// Method 2: Include CSRF token in form data\n",[1050,4278,4279,4281,4284,4286,4288,4290,4293,4295],{"class":1052,"line":2861},[1050,4280,3728],{"class":1480},[1050,4282,4283],{"class":1361}," 
transferMoney",[1050,4285,1366],{"class":1063},[1050,4287,1260],{"class":2691},[1050,4289,1639],{"class":1063},[1050,4291,4292],{"class":2691}," toAccount",[1050,4294,1376],{"class":1063},[1050,4296,3741],{"class":1063},[1050,4298,4299,4302,4304,4307,4309],{"class":1052,"line":2867},[1050,4300,4301],{"class":1354},"    $",[1050,4303,1358],{"class":1063},[1050,4305,4306],{"class":1361},"ajax",[1050,4308,1366],{"class":3763},[1050,4310,4158],{"class":1063},[1050,4312,4313,4317,4319,4321,4324,4326],{"class":1052,"line":2923},[1050,4314,4316],{"class":4315},"suXOh","        url",[1050,4318,2646],{"class":1063},[1050,4320,1528],{"class":1184},[1050,4322,4323],{"class":1188},"/transfer-money/",[1050,4325,1369],{"class":1184},[1050,4327,4328],{"class":1063},",\n",[1050,4330,4331,4334,4336,4338,4340,4342],{"class":1052,"line":2928},[1050,4332,4333],{"class":4315},"        type",[1050,4335,2646],{"class":1063},[1050,4337,1528],{"class":1184},[1050,4339,1213],{"class":1188},[1050,4341,1369],{"class":1184},[1050,4343,4328],{"class":1063},[1050,4345,4346,4349,4351],{"class":1052,"line":2947},[1050,4347,4348],{"class":4315},"        data",[1050,4350,2646],{"class":1063},[1050,4352,3741],{"class":1063},[1050,4354,4355,4358,4361,4363,4365,4367],{"class":1052,"line":2952},[1050,4356,4357],{"class":1184},"            
'",[1050,4359,1260],{"class":4360},"sQtxO",[1050,4362,1369],{"class":1184},[1050,4364,2646],{"class":1063},[1050,4366,2585],{"class":1354},[1050,4368,4328],{"class":1063},[1050,4370,4371,4373,4375,4377,4379,4381],{"class":1052,"line":2968},[1050,4372,4357],{"class":1184},[1050,4374,1302],{"class":4360},[1050,4376,1369],{"class":1184},[1050,4378,2646],{"class":1063},[1050,4380,4292],{"class":1354},[1050,4382,4328],{"class":1063},[1050,4384,4385,4387,4389,4391,4393,4395],{"class":1052,"line":3007},[1050,4386,4357],{"class":1184},[1050,4388,2304],{"class":4360},[1050,4390,1369],{"class":1184},[1050,4392,2646],{"class":1063},[1050,4394,4038],{"class":1354},[1050,4396,4397],{"class":1056},"  // Include token in data\n",[1050,4399,4400],{"class":1052,"line":3012},[1050,4401,4402],{"class":1063},"        },\n",[1050,4404,4405,4408,4410,4412,4414,4417,4419],{"class":1052,"line":3020},[1050,4406,4407],{"class":1361},"        success",[1050,4409,2646],{"class":1063},[1050,4411,4168],{"class":1480},[1050,4413,1366],{"class":1063},[1050,4415,4416],{"class":2691},"response",[1050,4418,1376],{"class":1063},[1050,4420,3741],{"class":1063},[1050,4422,4423,4426,4428,4430,4433,4435,4437],{"class":1052,"line":3045},[1050,4424,4425],{"class":1361},"            alert",[1050,4427,1366],{"class":3763},[1050,4429,1369],{"class":1184},[1050,4431,4432],{"class":1188},"Transfer successful!",[1050,4434,1369],{"class":1184},[1050,4436,1376],{"class":3763},[1050,4438,1387],{"class":1063},[1050,4440,4441],{"class":1052,"line":3050},[1050,4442,4402],{"class":1063},[1050,4444,4445,4448,4450,4452,4454,4456,4458,4461,4463,4466,4468],{"class":1052,"line":3058},[1050,4446,4447],{"class":1361},"        error",[1050,4449,2646],{"class":1063},[1050,4451,4168],{"class":1480},[1050,4453,1366],{"class":1063},[1050,4455,4173],{"class":2691},[1050,4457,1639],{"class":1063},[1050,4459,4460],{"class":2691}," status",[1050,4462,1639],{"class":1063},[1050,4464,4465],{"class":2691}," 
error",[1050,4467,1376],{"class":1063},[1050,4469,3741],{"class":1063},[1050,4471,4472,4474,4476,4478,4481,4483,4485,4487,4489],{"class":1052,"line":3070},[1050,4473,4425],{"class":1361},[1050,4475,1366],{"class":3763},[1050,4477,1369],{"class":1184},[1050,4479,4480],{"class":1188},"Transfer failed: ",[1050,4482,1369],{"class":1184},[1050,4484,3927],{"class":1524},[1050,4486,4465],{"class":1354},[1050,4488,1376],{"class":3763},[1050,4490,1387],{"class":1063},[1050,4492,4493],{"class":1052,"line":3075},[1050,4494,4003],{"class":1063},[1050,4496,4497,4500,4502],{"class":1052,"line":3110},[1050,4498,4499],{"class":1063},"    }",[1050,4501,1376],{"class":3763},[1050,4503,1387],{"class":1063},[1050,4505,4506],{"class":1052,"line":3115},[1050,4507,4021],{"class":1063},[1050,4509,4510],{"class":1052,"line":3121},[1050,4511,1700],{"emptyLinePlaceholder":1699},[1050,4513,4514],{"class":1052,"line":3142},[1050,4515,4516],{"class":1056},"// Method 3: Using fetch API with CSRF token\n",[1050,4518,4519,4522,4524,4527,4529,4531,4533,4535,4537],{"class":1052,"line":3167},[1050,4520,4521],{"class":1480},"async",[1050,4523,4168],{"class":1480},[1050,4525,4526],{"class":1361}," transferMoneyFetch",[1050,4528,1366],{"class":1063},[1050,4530,1260],{"class":2691},[1050,4532,1639],{"class":1063},[1050,4534,4292],{"class":2691},[1050,4536,1376],{"class":1063},[1050,4538,3741],{"class":1063},[1050,4540,4541,4544],{"class":1052,"line":3172},[1050,4542,4543],{"class":1511},"    try",[1050,4545,3741],{"class":1063},[1050,4547,4548,4550,4553,4555,4558,4561,4563,4565,4567,4569,4571],{"class":1052,"line":3195},[1050,4549,3797],{"class":1480},[1050,4551,4552],{"class":1354}," response",[1050,4554,1795],{"class":1063},[1050,4556,4557],{"class":1511}," await",[1050,4559,4560],{"class":1361}," 
fetch",[1050,4562,1366],{"class":3763},[1050,4564,1369],{"class":1184},[1050,4566,4323],{"class":1188},[1050,4568,1369],{"class":1184},[1050,4570,1639],{"class":1063},[1050,4572,3741],{"class":1063},[1050,4574,4575,4578,4580,4582,4584,4586],{"class":1052,"line":3205},[1050,4576,4577],{"class":4315},"            method",[1050,4579,2646],{"class":1063},[1050,4581,1528],{"class":1184},[1050,4583,1213],{"class":1188},[1050,4585,1369],{"class":1184},[1050,4587,4328],{"class":1063},[1050,4589,4590,4593,4595],{"class":1052,"line":3219},[1050,4591,4592],{"class":4315},"            headers",[1050,4594,2646],{"class":1063},[1050,4596,3741],{"class":1063},[1050,4598,4599,4602,4605,4607,4609,4611,4614,4616],{"class":1052,"line":3230},[1050,4600,4601],{"class":1184},"                '",[1050,4603,4604],{"class":4360},"Content-Type",[1050,4606,1369],{"class":1184},[1050,4608,2646],{"class":1063},[1050,4610,1528],{"class":1184},[1050,4612,4613],{"class":1188},"application/x-www-form-urlencoded",[1050,4615,1369],{"class":1184},[1050,4617,4328],{"class":1063},[1050,4619,4620,4622,4624,4626,4628,4630],{"class":1052,"line":3245},[1050,4621,4601],{"class":1184},[1050,4623,4241],{"class":4360},[1050,4625,1369],{"class":1184},[1050,4627,2646],{"class":1063},[1050,4629,4038],{"class":1354},[1050,4631,4328],{"class":1063},[1050,4633,4634],{"class":1052,"line":3250},[1050,4635,4636],{"class":1063},"            },\n",[1050,4638,4639,4642,4644,4647,4650,4652],{"class":1052,"line":3271},[1050,4640,4641],{"class":4315},"            body",[1050,4643,2646],{"class":1063},[1050,4645,4646],{"class":1524}," new",[1050,4648,4649],{"class":1361}," 
URLSearchParams",[1050,4651,1366],{"class":3763},[1050,4653,4158],{"class":1063},[1050,4655,4656,4658,4660,4662,4664,4666],{"class":1052,"line":3282},[1050,4657,4601],{"class":1184},[1050,4659,1260],{"class":4360},[1050,4661,1369],{"class":1184},[1050,4663,2646],{"class":1063},[1050,4665,2585],{"class":1354},[1050,4667,4328],{"class":1063},[1050,4669,4670,4672,4674,4676,4678,4680],{"class":1052,"line":3305},[1050,4671,4601],{"class":1184},[1050,4673,1302],{"class":4360},[1050,4675,1369],{"class":1184},[1050,4677,2646],{"class":1063},[1050,4679,4292],{"class":1354},[1050,4681,4328],{"class":1063},[1050,4683,4684,4687],{"class":1052,"line":3328},[1050,4685,4686],{"class":1063},"            }",[1050,4688,1566],{"class":3763},[1050,4690,4691,4694,4696],{"class":1052,"line":3333},[1050,4692,4693],{"class":1063},"        }",[1050,4695,1376],{"class":3763},[1050,4697,1387],{"class":1063},[1050,4699,4700],{"class":1052,"line":3339},[1050,4701,1598],{"class":1520},[1050,4703,4704,4706,4708,4710,4712,4715,4717],{"class":1052,"line":3365},[1050,4705,2484],{"class":1511},[1050,4707,3764],{"class":3763},[1050,4709,4416],{"class":1354},[1050,4711,1358],{"class":1063},[1050,4713,4714],{"class":1354},"ok",[1050,4716,1376],{"class":3763},[1050,4718,3741],{"class":1063},[1050,4720,4721,4723,4726,4728,4730,4732,4734,4737,4739],{"class":1052,"line":3384},[1050,4722,3874],{"class":1480},[1050,4724,4725],{"class":1354}," 
result",[1050,4727,1795],{"class":1063},[1050,4729,4557],{"class":1511},[1050,4731,4552],{"class":1354},[1050,4733,1358],{"class":1063},[1050,4735,4736],{"class":1361},"json",[1050,4738,1384],{"class":3763},[1050,4740,1387],{"class":1063},[1050,4742,4743,4745,4747,4749,4751,4753,4755],{"class":1052,"line":3389},[1050,4744,4425],{"class":1361},[1050,4746,1366],{"class":3763},[1050,4748,1369],{"class":1184},[1050,4750,4432],{"class":1188},[1050,4752,1369],{"class":1184},[1050,4754,1376],{"class":3763},[1050,4756,1387],{"class":1063},[1050,4758,4759,4761,4764],{"class":1052,"line":3395},[1050,4760,4693],{"class":1063},[1050,4762,4763],{"class":1511}," else",[1050,4765,3741],{"class":1063},[1050,4767,4768,4771,4773,4776,4778,4780,4783,4785,4787],{"class":1052,"line":3403},[1050,4769,4770],{"class":1511},"            throw",[1050,4772,4646],{"class":1524},[1050,4774,4775],{"class":1361}," Error",[1050,4777,1366],{"class":3763},[1050,4779,1369],{"class":1184},[1050,4781,4782],{"class":1188},"Transfer failed",[1050,4784,1369],{"class":1184},[1050,4786,1376],{"class":3763},[1050,4788,1387],{"class":1063},[1050,4790,4791],{"class":1052,"line":3435},[1050,4792,4003],{"class":1063},[1050,4794,4795,4797,4800,4802,4804,4806],{"class":1052,"line":3468},[1050,4796,4499],{"class":1063},[1050,4798,4799],{"class":1511}," catch",[1050,4801,3764],{"class":3763},[1050,4803,2597],{"class":1354},[1050,4805,1376],{"class":3763},[1050,4807,3741],{"class":1063},[1050,4809,4810,4813,4815,4817,4819,4821,4823,4825,4827,4830,4832],{"class":1052,"line":3488},[1050,4811,4812],{"class":1361},"        
alert",[1050,4814,1366],{"class":3763},[1050,4816,1369],{"class":1184},[1050,4818,4480],{"class":1188},[1050,4820,1369],{"class":1184},[1050,4822,3927],{"class":1524},[1050,4824,4465],{"class":1354},[1050,4826,1358],{"class":1063},[1050,4828,4829],{"class":1354},"message",[1050,4831,1376],{"class":3763},[1050,4833,1387],{"class":1063},[1050,4835,4836],{"class":1052,"line":3493},[1050,4837,4008],{"class":1063},[1050,4839,4840],{"class":1052,"line":3507},[1050,4841,4021],{"class":1063},[1035,4843,4845],{"id":4844},"csrf-token-in-templates-for-javascript","CSRF Token in Templates for JavaScript",[1040,4847,4849],{"className":1042,"code":4848,"language":1044,"meta":1045,"style":1045},"\u003C!-- Include CSRF token for JavaScript use (needed when CSRF_USE_SESSIONS or CSRF_COOKIE_HTTPONLY is on, because JavaScript then cannot read the csrftoken cookie) -->\n\u003Cscript>\n    // Method 1: Inline script with CSRF token\n    window.csrfToken = '{{ csrf_token }}';\n\u003C/script>\n\n\u003C!-- Method 2: Meta tag approach -->\n\u003Cmeta name=\"csrf-token\" content=\"{{ csrf_token }}\">\n\n\u003Cscript>\n    // Get CSRF token from meta tag\n    const csrfToken = document.querySelector('meta[name=\"csrf-token\"]').getAttribute('content');\n\u003C/script>\n\n\u003C!-- Method 3: Hidden element with data attribute -->\n\u003Cdiv id=\"csrf-token\" data-token=\"{{ csrf_token }}\" style=\"display: none;\">\u003C/div>\n\n\u003Cscript>\n    // Get CSRF token from data attribute\n    const csrfToken = document.getElementById('csrf-token').dataset.token;\n\u003C/script>\n",[1047,4850,4851,4856,4864,4869,4890,4898,4902,4907,4938,4942,4950,4955,5001,5009,5013,5018,5062,5066,5074,5079,5115],{"__ignoreMap":1045},[1050,4852,4853],{"class":1052,"line":1053},[1050,4854,4855],{"class":1056},"\u003C!-- Include CSRF token for JavaScript use (needed when CSRF_USE_SESSIONS or CSRF_COOKIE_HTTPONLY is on, because JavaScript then cannot read the csrftoken cookie) -->\n",[1050,4857,4858,4860,4862],{"class":1052,"line":1060},[1050,4859,1081],{"class":1063},[1050,4861,1340],{"class":1067},[1050,4863,1075],{"class":1063},[1050,4865,4866],{"class":1052,"line":1078},[1050,4867,4868],{"class":1056},"    // Method 1: Inline script with CSRF 
token\n",[1050,4870,4871,4874,4876,4879,4881,4883,4886,4888],{"class":1052,"line":1088},[1050,4872,4873],{"class":1354},"    window",[1050,4875,1358],{"class":1063},[1050,4877,4878],{"class":1354},"csrfToken",[1050,4880,1795],{"class":1063},[1050,4882,1528],{"class":1184},[1050,4884,4885],{"class":1188},"{{ csrf_token }}",[1050,4887,1369],{"class":1184},[1050,4889,1387],{"class":1063},[1050,4891,4892,4894,4896],{"class":1052,"line":1098},[1050,4893,1114],{"class":1063},[1050,4895,1340],{"class":1067},[1050,4897,1075],{"class":1063},[1050,4899,4900],{"class":1052,"line":1121},[1050,4901,1700],{"emptyLinePlaceholder":1699},[1050,4903,4904],{"class":1052,"line":1130},[1050,4905,4906],{"class":1056},"\u003C!-- Method 2: Meta tag approach -->\n",[1050,4908,4909,4911,4914,4916,4918,4920,4923,4925,4928,4930,4932,4934,4936],{"class":1052,"line":1140},[1050,4910,1081],{"class":1063},[1050,4912,4913],{"class":1067},"meta",[1050,4915,1253],{"class":1071},[1050,4917,1181],{"class":1063},[1050,4919,1185],{"class":1184},[1050,4921,4922],{"class":1188},"csrf-token",[1050,4924,1185],{"class":1184},[1050,4926,4927],{"class":1071}," content",[1050,4929,1181],{"class":1063},[1050,4931,1185],{"class":1184},[1050,4933,4885],{"class":1188},[1050,4935,1185],{"class":1184},[1050,4937,1075],{"class":1063},[1050,4939,4940],{"class":1052,"line":1158},[1050,4941,1700],{"emptyLinePlaceholder":1699},[1050,4943,4944,4946,4948],{"class":1052,"line":1164},[1050,4945,1081],{"class":1063},[1050,4947,1340],{"class":1067},[1050,4949,1075],{"class":1063},[1050,4951,4952],{"class":1052,"line":1170},[1050,4953,4954],{"class":1056},"    // Get CSRF token from meta tag\n",[1050,4956,4957,4960,4963,4965,4967,4969,4972,4974,4976,4979,4981,4983,4985,4988,4990,4992,4995,4997,4999],{"class":1052,"line":1232},[1050,4958,4959],{"class":1480},"    const",[1050,4961,4962],{"class":1354}," 
csrfToken",[1050,4964,1795],{"class":1063},[1050,4966,3778],{"class":1354},[1050,4968,1358],{"class":1063},[1050,4970,4971],{"class":1361},"querySelector",[1050,4973,1366],{"class":1365},[1050,4975,1369],{"class":1184},[1050,4977,4978],{"class":1188},"meta[name=\"csrf-token\"]",[1050,4980,1369],{"class":1184},[1050,4982,1376],{"class":1365},[1050,4984,1358],{"class":1063},[1050,4986,4987],{"class":1361},"getAttribute",[1050,4989,1366],{"class":1365},[1050,4991,1369],{"class":1184},[1050,4993,4994],{"class":1188},"content",[1050,4996,1369],{"class":1184},[1050,4998,1376],{"class":1365},[1050,5000,1387],{"class":1063},[1050,5002,5003,5005,5007],{"class":1052,"line":1279},[1050,5004,1114],{"class":1063},[1050,5006,1340],{"class":1067},[1050,5008,1075],{"class":1063},[1050,5010,5011],{"class":1052,"line":1320},[1050,5012,1700],{"emptyLinePlaceholder":1699},[1050,5014,5015],{"class":1052,"line":1330},[1050,5016,5017],{"class":1056},"\u003C!-- Method 3: Hidden element with data attribute -->\n",[1050,5019,5020,5022,5024,5026,5028,5030,5032,5034,5037,5039,5041,5043,5045,5047,5049,5051,5053,5055,5058,5060],{"class":1052,"line":1335},[1050,5021,1081],{"class":1063},[1050,5023,2039],{"class":1067},[1050,5025,1178],{"class":1071},[1050,5027,1181],{"class":1063},[1050,5029,1185],{"class":1184},[1050,5031,4922],{"class":1188},[1050,5033,1185],{"class":1184},[1050,5035,5036],{"class":1071}," 
data-token",[1050,5038,1181],{"class":1063},[1050,5040,1185],{"class":1184},[1050,5042,4885],{"class":1188},[1050,5044,1185],{"class":1184},[1050,5046,1218],{"class":1071},[1050,5048,1181],{"class":1063},[1050,5050,1185],{"class":1184},[1050,5052,1225],{"class":1188},[1050,5054,1185],{"class":1184},[1050,5056,5057],{"class":1063},">\u003C/",[1050,5059,2039],{"class":1067},[1050,5061,1075],{"class":1063},[1050,5063,5064],{"class":1052,"line":1345},[1050,5065,1700],{"emptyLinePlaceholder":1699},[1050,5067,5068,5070,5072],{"class":1052,"line":1351},[1050,5069,1081],{"class":1063},[1050,5071,1340],{"class":1067},[1050,5073,1075],{"class":1063},[1050,5075,5076],{"class":1052,"line":1390},[1050,5077,5078],{"class":1056},"    // Get CSRF token from data attribute\n",[1050,5080,5081,5083,5085,5087,5089,5091,5093,5095,5097,5099,5101,5103,5105,5108,5110,5113],{"class":1052,"line":1399},[1050,5082,4959],{"class":1480},[1050,5084,4962],{"class":1354},[1050,5086,1795],{"class":1063},[1050,5088,3778],{"class":1354},[1050,5090,1358],{"class":1063},[1050,5092,1362],{"class":1361},[1050,5094,1366],{"class":1365},[1050,5096,1369],{"class":1184},[1050,5098,4922],{"class":1188},[1050,5100,1369],{"class":1184},[1050,5102,1376],{"class":1365},[1050,5104,1358],{"class":1063},[1050,5106,5107],{"class":1354},"dataset",[1050,5109,1358],{"class":1063},[1050,5111,5112],{"class":1354},"token",[1050,5114,1387],{"class":1063},[1050,5116,5117,5119,5121],{"class":1052,"line":1404},[1050,5118,1114],{"class":1063},[1050,5120,1340],{"class":1067},[1050,5122,1075],{"class":1063},[1030,5124,5126],{"id":5125},"advanced-csrf-configuration","Advanced CSRF Configuration",[1035,5128,5130],{"id":5129},"custom-csrf-failure-handling","Custom CSRF Failure Handling",[1040,5132,5134],{"className":1466,"code":5133,"language":1468,"meta":1045,"style":1045},"# views.py - Custom CSRF failure view\ndef csrf_failure(request, reason=\"\"):\n    \"\"\"Custom CSRF failure handler\"\"\"\n    \n    # Log CSRF failure for 
security monitoring\n    logger.warning(f\"CSRF failure: {reason}\", extra={\n        'ip_address': get_client_ip(request),\n        'user_agent': request.META.get('HTTP_USER_AGENT', ''),\n        'path': request.path,\n        'user': getattr(request, 'user', None),\n        'reason': reason,\n    })\n    \n    # Different responses based on request type\n    if request.headers.get('Content-Type') == 'application/json':\n        return JsonResponse({\n            'error': 'CSRF verification failed',\n            'message': 'Please refresh the page and try again'\n        }, status=403)\n    \n    # Render custom CSRF error page\n    context = {\n        'reason': reason,\n        'support_email': settings.SUPPORT_EMAIL,\n    }\n    \n    return render(request, 'csrf_failure.html', context, status=403)\n\n# settings.py\nCSRF_FAILURE_VIEW = 'myapp.views.csrf_failure'\n",[1047,5135,5136,5141,5164,5173,5177,5182,5216,5238,5275,5294,5327,5341,5346,5350,5355,5391,5401,5420,5437,5451,5455,5460,5469,5483,5503,5507,5511,5545,5549,5554],{"__ignoreMap":1045},[1050,5137,5138],{"class":1052,"line":1053},[1050,5139,5140],{"class":1056},"# views.py - Custom CSRF failure view\n",[1050,5142,5143,5145,5148,5150,5152,5154,5157,5159,5162],{"class":1052,"line":1060},[1050,5144,1481],{"class":1480},[1050,5146,5147],{"class":1361}," csrf_failure",[1050,5149,1366],{"class":1063},[1050,5151,1490],{"class":1489},[1050,5153,1639],{"class":1063},[1050,5155,5156],{"class":1489}," reason",[1050,5158,1181],{"class":1524},[1050,5160,5161],{"class":1184},"\"\"",[1050,5163,1493],{"class":1063},[1050,5165,5166,5168,5171],{"class":1052,"line":1078},[1050,5167,1499],{"class":1498},[1050,5169,5170],{"class":1502},"Custom CSRF failure handler",[1050,5172,1506],{"class":1498},[1050,5174,5175],{"class":1052,"line":1088},[1050,5176,1161],{"class":1110},[1050,5178,5179],{"class":1052,"line":1098},[1050,5180,5181],{"class":1056},"    # Log CSRF failure for security 
monitoring\n",[1050,5183,5184,5187,5189,5192,5194,5196,5199,5201,5204,5206,5208,5210,5213],{"class":1052,"line":1121},[1050,5185,5186],{"class":1110},"    logger",[1050,5188,1358],{"class":1063},[1050,5190,5191],{"class":1554},"warning",[1050,5193,1366],{"class":1063},[1050,5195,2880],{"class":1480},[1050,5197,5198],{"class":1188},"\"CSRF failure: ",[1050,5200,2843],{"class":2842},[1050,5202,5203],{"class":1554},"reason",[1050,5205,2848],{"class":2842},[1050,5207,1185],{"class":1188},[1050,5209,1639],{"class":1063},[1050,5211,5212],{"class":2691}," extra",[1050,5214,5215],{"class":1063},"={\n",[1050,5217,5218,5221,5224,5226,5228,5231,5233,5235],{"class":1052,"line":1130},[1050,5219,5220],{"class":1184},"        '",[1050,5222,5223],{"class":1188},"ip_address",[1050,5225,1369],{"class":1184},[1050,5227,2646],{"class":1063},[1050,5229,5230],{"class":1554}," get_client_ip",[1050,5232,1366],{"class":1063},[1050,5234,1490],{"class":1554},[1050,5236,5237],{"class":1063},"),\n",[1050,5239,5240,5242,5245,5247,5249,5251,5253,5256,5258,5260,5262,5264,5267,5269,5271,5273],{"class":1052,"line":1140},[1050,5241,5220],{"class":1184},[1050,5243,5244],{"class":1188},"user_agent",[1050,5246,1369],{"class":1184},[1050,5248,2646],{"class":1063},[1050,5250,1515],{"class":1554},[1050,5252,1358],{"class":1063},[1050,5254,5255],{"class":1549},"META",[1050,5257,1358],{"class":1063},[1050,5259,1555],{"class":1554},[1050,5261,1366],{"class":1063},[1050,5263,1369],{"class":1184},[1050,5265,5266],{"class":1188},"HTTP_USER_AGENT",[1050,5268,1369],{"class":1184},[1050,5270,1639],{"class":1063},[1050,5272,3788],{"class":1184},[1050,5274,5237],{"class":1063},[1050,5276,5277,5279,5282,5284,5286,5288,5290,5292],{"class":1052,"line":1158},[1050,5278,5220],{"class":1184},[1050,5280,5281],{"class":1188},"path",[1050,5283,1369],{"class":1184},[1050,5285,2646],{"class":1063},[1050,5287,1515],{"class":1554},[1050,5289,1358],{"class":1063},[1050,5291,5281],{"class":1520},[1050,5293,4328],{"class":1063},[105
0,5295,5296,5298,5300,5302,5304,5308,5310,5312,5314,5316,5318,5320,5322,5325],{"class":1052,"line":1164},[1050,5297,5220],{"class":1184},[1050,5299,1617],{"class":1188},[1050,5301,1369],{"class":1184},[1050,5303,2646],{"class":1063},[1050,5305,5307],{"class":5306},"sJdAF"," getattr",[1050,5309,1366],{"class":1063},[1050,5311,1490],{"class":1554},[1050,5313,1639],{"class":1063},[1050,5315,1528],{"class":1184},[1050,5317,1617],{"class":1188},[1050,5319,1369],{"class":1184},[1050,5321,1639],{"class":1063},[1050,5323,5324],{"class":1856}," None",[1050,5326,5237],{"class":1063},[1050,5328,5329,5331,5333,5335,5337,5339],{"class":1052,"line":1170},[1050,5330,5220],{"class":1184},[1050,5332,5203],{"class":1188},[1050,5334,1369],{"class":1184},[1050,5336,2646],{"class":1063},[1050,5338,5156],{"class":1554},[1050,5340,4328],{"class":1063},[1050,5342,5343],{"class":1052,"line":1232},[1050,5344,5345],{"class":1063},"    })\n",[1050,5347,5348],{"class":1052,"line":1279},[1050,5349,1161],{"class":1110},[1050,5351,5352],{"class":1052,"line":1320},[1050,5353,5354],{"class":1056},"    # Different responses based on request type\n",[1050,5356,5357,5359,5361,5363,5366,5368,5370,5372,5374,5376,5378,5380,5382,5384,5387,5389],{"class":1052,"line":1330},[1050,5358,1512],{"class":1511},[1050,5360,1515],{"class":1110},[1050,5362,1358],{"class":1063},[1050,5364,5365],{"class":1520},"headers",[1050,5367,1358],{"class":1063},[1050,5369,1555],{"class":1554},[1050,5371,1366],{"class":1063},[1050,5373,1369],{"class":1184},[1050,5375,4604],{"class":1188},[1050,5377,1369],{"class":1184},[1050,5379,1376],{"class":1063},[1050,5381,1525],{"class":1524},[1050,5383,1528],{"class":1184},[1050,5385,5386],{"class":1188},"application/json",[1050,5388,1369],{"class":1184},[1050,5390,1535],{"class":1063},[1050,5392,5393,5395,5398],{"class":1052,"line":1335},[1050,5394,1653],{"class":1511},[1050,5396,5397],{"class":1554}," 
JsonResponse",[1050,5399,5400],{"class":1063},"({\n",[1050,5402,5403,5405,5407,5409,5411,5413,5416,5418],{"class":1052,"line":1345},[1050,5404,4357],{"class":1184},[1050,5406,2597],{"class":1188},[1050,5408,1369],{"class":1184},[1050,5410,2646],{"class":1063},[1050,5412,1528],{"class":1184},[1050,5414,5415],{"class":1188},"CSRF verification failed",[1050,5417,1369],{"class":1184},[1050,5419,4328],{"class":1063},[1050,5421,5422,5424,5426,5428,5430,5432,5435],{"class":1052,"line":1351},[1050,5423,4357],{"class":1184},[1050,5425,4829],{"class":1188},[1050,5427,1369],{"class":1184},[1050,5429,2646],{"class":1063},[1050,5431,1528],{"class":1184},[1050,5433,5434],{"class":1188},"Please refresh the page and try again",[1050,5436,1885],{"class":1184},[1050,5438,5439,5442,5444,5446,5449],{"class":1052,"line":1390},[1050,5440,5441],{"class":1063},"        },",[1050,5443,4460],{"class":2691},[1050,5445,1181],{"class":1063},[1050,5447,5448],{"class":1842},"403",[1050,5450,1566],{"class":1063},[1050,5452,5453],{"class":1052,"line":1399},[1050,5454,1161],{"class":1110},[1050,5456,5457],{"class":1052,"line":1404},[1050,5458,5459],{"class":1056},"    # Render custom CSRF error page\n",[1050,5461,5462,5465,5467],{"class":1052,"line":1410},[1050,5463,5464],{"class":1110},"    context 
",[1050,5466,1181],{"class":1063},[1050,5468,3741],{"class":1063},[1050,5470,5471,5473,5475,5477,5479,5481],{"class":1052,"line":1444},[1050,5472,5220],{"class":1184},[1050,5474,5203],{"class":1188},[1050,5476,1369],{"class":1184},[1050,5478,2646],{"class":1063},[1050,5480,5156],{"class":1110},[1050,5482,4328],{"class":1063},[1050,5484,5485,5487,5490,5492,5494,5496,5498,5501],{"class":1052,"line":1453},[1050,5486,5220],{"class":1184},[1050,5488,5489],{"class":1188},"support_email",[1050,5491,1369],{"class":1184},[1050,5493,2646],{"class":1063},[1050,5495,4178],{"class":1110},[1050,5497,1358],{"class":1063},[1050,5499,5500],{"class":1549},"SUPPORT_EMAIL",[1050,5502,4328],{"class":1063},[1050,5504,5505],{"class":1052,"line":1957},[1050,5506,4008],{"class":1063},[1050,5508,5509],{"class":1052,"line":1968},[1050,5510,1161],{"class":1110},[1050,5512,5513,5515,5517,5519,5521,5523,5525,5528,5530,5532,5535,5537,5539,5541,5543],{"class":1052,"line":2714},[1050,5514,1676],{"class":1511},[1050,5516,1679],{"class":1554},[1050,5518,1366],{"class":1063},[1050,5520,1490],{"class":1554},[1050,5522,1639],{"class":1063},[1050,5524,1528],{"class":1184},[1050,5526,5527],{"class":1188},"csrf_failure.html",[1050,5529,1369],{"class":1184},[1050,5531,1639],{"class":1063},[1050,5533,5534],{"class":1554}," context",[1050,5536,1639],{"class":1063},[1050,5538,4460],{"class":2691},[1050,5540,1181],{"class":1063},[1050,5542,5448],{"class":1842},[1050,5544,1566],{"class":1063},[1050,5546,5547],{"class":1052,"line":2738},[1050,5548,1700],{"emptyLinePlaceholder":1699},[1050,5550,5551],{"class":1052,"line":2773},[1050,5552,5553],{"class":1056},"# settings.py\n",[1050,5555,5556,5558,5560,5562,5565],{"class":1052,"line":2778},[1050,5557,1931],{"class":1791},[1050,5559,1795],{"class":1063},[1050,5561,1528],{"class":1184},[1050,5563,5564],{"class":1188},"myapp.views.csrf_failure",[1050,5566,1885],{"class":1184},[1035,5568,5570],{"id":5569},"csrf-trusted-origins","CSRF Trusted 
Origins",[1040,5572,5574],{"className":1466,"code":5573,"language":1468,"meta":1045,"style":1045},"# settings.py - Configure trusted origins for cross-origin requests\nCSRF_TRUSTED_ORIGINS = [\n    'https://api.yourdomain.com',\n    'https://mobile.yourdomain.com',\n    'https://partner.example.com',\n]\n\n# For development with different ports\nif DEBUG:\n    CSRF_TRUSTED_ORIGINS.extend([\n        'http://localhost:3000',  # React dev server\n        'http://127.0.0.1:3000',\n        'http://localhost:8080',  # Vue dev server\n    ])\n",[1047,5575,5576,5581,5589,5600,5611,5622,5626,5630,5635,5645,5658,5672,5683,5697],{"__ignoreMap":1045},[1050,5577,5578],{"class":1052,"line":1053},[1050,5579,5580],{"class":1056},"# settings.py - Configure trusted origins for cross-origin requests\n",[1050,5582,5583,5585,5587],{"class":1052,"line":1060},[1050,5584,1960],{"class":1791},[1050,5586,1795],{"class":1063},[1050,5588,1798],{"class":1063},[1050,5590,5591,5593,5596,5598],{"class":1052,"line":1078},[1050,5592,1803],{"class":1184},[1050,5594,5595],{"class":1188},"https://api.yourdomain.com",[1050,5597,1369],{"class":1184},[1050,5599,4328],{"class":1063},[1050,5601,5602,5604,5607,5609],{"class":1052,"line":1088},[1050,5603,1803],{"class":1184},[1050,5605,5606],{"class":1188},"https://mobile.yourdomain.com",[1050,5608,1369],{"class":1184},[1050,5610,4328],{"class":1063},[1050,5612,5613,5615,5618,5620],{"class":1052,"line":1098},[1050,5614,1803],{"class":1184},[1050,5616,5617],{"class":1188},"https://partner.example.com",[1050,5619,1369],{"class":1184},[1050,5621,4328],{"class":1063},[1050,5623,5624],{"class":1052,"line":1121},[1050,5625,1823],{"class":1063},[1050,5627,5628],{"class":1052,"line":1130},[1050,5629,1700],{"emptyLinePlaceholder":1699},[1050,5631,5632],{"class":1052,"line":1140},[1050,5633,5634],{"class":1056},"# For development with different 
ports\n",[1050,5636,5637,5640,5643],{"class":1052,"line":1158},[1050,5638,5639],{"class":1511},"if",[1050,5641,5642],{"class":1791}," DEBUG",[1050,5644,1535],{"class":1063},[1050,5646,5647,5650,5652,5655],{"class":1052,"line":1164},[1050,5648,5649],{"class":1791},"    CSRF_TRUSTED_ORIGINS",[1050,5651,1358],{"class":1063},[1050,5653,5654],{"class":1554},"extend",[1050,5656,5657],{"class":1063},"([\n",[1050,5659,5660,5662,5665,5667,5669],{"class":1052,"line":1170},[1050,5661,5220],{"class":1184},[1050,5663,5664],{"class":1188},"http://localhost:3000",[1050,5666,1369],{"class":1184},[1050,5668,1639],{"class":1063},[1050,5670,5671],{"class":1056},"  # React dev server\n",[1050,5673,5674,5676,5679,5681],{"class":1052,"line":1232},[1050,5675,5220],{"class":1184},[1050,5677,5678],{"class":1188},"http://127.0.0.1:3000",[1050,5680,1369],{"class":1184},[1050,5682,4328],{"class":1063},[1050,5684,5685,5687,5690,5692,5694],{"class":1052,"line":1279},[1050,5686,5220],{"class":1184},[1050,5688,5689],{"class":1188},"http://localhost:8080",[1050,5691,1369],{"class":1184},[1050,5693,1639],{"class":1063},[1050,5695,5696],{"class":1056},"  # Vue dev server\n",[1050,5698,5699],{"class":1052,"line":1320},[1050,5700,5701],{"class":1063},"    ])\n",[1035,5703,5705],{"id":5704},"custom-csrf-middleware","Custom CSRF Middleware",[1040,5707,5709],{"className":1466,"code":5708,"language":1468,"meta":1045,"style":1045},"# middleware.py - Enhanced CSRF middleware\nimport time\nfrom django.middleware.csrf import CsrfViewMiddleware\nfrom django.core.cache import cache\n\nclass EnhancedCsrfMiddleware(CsrfViewMiddleware):\n    \"\"\"Enhanced CSRF middleware with additional security features\"\"\"\n    \n    def process_request(self, request):\n        \"\"\"Enhanced request processing with rate limiting\"\"\"\n        \n        # Rate limit CSRF failures per IP\n        client_ip = self.get_client_ip(request)\n        failure_key = f\"csrf_failures:{client_ip}\"\n        failure_count = 
cache.get(failure_key, 0)\n        \n        if failure_count >= 10:  # Max 10 failures per hour\n            logger.warning(f\"CSRF failure rate limit exceeded for IP: {client_ip}\")\n            return HttpResponseTooManyRequests(\"Too many CSRF failures\")\n        \n        return super().process_request(request)\n    \n    def process_view(self, request, callback, callback_args, callback_kwargs):\n        \"\"\"Enhanced view processing with additional validation\"\"\"\n        \n        # Check for suspicious patterns in CSRF failures\n        if hasattr(request, '_csrf_processing_done'):\n            return None\n        \n        # Additional CSRF validation for sensitive operations\n        if self.is_sensitive_operation(request):\n            if not self.validate_additional_csrf_checks(request):\n                self.record_csrf_failure(request, \"Additional validation failed\")\n                return self.csrf_failure(request, \"Additional validation required\")\n        \n        return super().process_view(request, callback, callback_args, callback_kwargs)\n    \n    def is_sensitive_operation(self, request):\n        \"\"\"Check if request is for sensitive operation\"\"\"\n        sensitive_paths = [\n            '/transfer-money/',\n            '/change-password/',\n            '/delete-account/',\n            '/admin/',\n        ]\n        \n        return any(request.path.startswith(path) for path in sensitive_paths)\n    \n    def validate_additional_csrf_checks(self, request):\n        \"\"\"Additional CSRF validation for sensitive operations\"\"\"\n        \n        # Check request timing (prevent replay attacks). NOTE: csrf_timestamp is client-supplied and skipped when absent, so it is not a replay defence on its own\n        csrf_time = request.POST.get('csrf_timestamp')\n        if csrf_time:\n            try:\n                timestamp = float(csrf_time)\n                if time.time() - timestamp > 300:  # 5 minutes max\n                    return False\n            except (ValueError, TypeError):\n                return False\n        \n        
# Check referrer for additional validation. NOTE: startswith() is a prefix match; parse the URL and compare the host exactly\n        referer = request.META.get('HTTP_REFERER', '')\n        if not referer.startswith(f\"https://{request.get_host()}\"):\n            return False\n        \n        return True\n    \n    def record_csrf_failure(self, request, reason):\n        \"\"\"Record CSRF failure for monitoring\"\"\"\n        client_ip = self.get_client_ip(request)\n        failure_key = f\"csrf_failures:{client_ip}\"\n        \n        # Increment failure count\n        failure_count = cache.get(failure_key, 0) + 1\n        cache.set(failure_key, failure_count, 3600)  # 1 hour\n        \n        # Log failure\n        logger.warning(f\"CSRF failure: {reason}\", extra={\n            'ip_address': client_ip,\n            'user_agent': request.META.get('HTTP_USER_AGENT', ''),\n            'path': request.path,\n            'failure_count': failure_count,\n        })\n    \n    def get_client_ip(self, request):\n        \"\"\"Get client IP address. NOTE: X-Forwarded-For is client-controlled unless a trusted proxy sets it\"\"\"\n        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')\n        if x_forwarded_for:\n            ip = x_forwarded_for.split(',')[0]\n        else:\n            ip = request.META.get('REMOTE_ADDR')\n        return ip\n",[1047,5710,5711,5716,5723,5743,5764,5768,5782,5791,5795,5812,5821,5825,5830,5850,5872,5897,5901,5919,5945,5963,5967,5984,5988,6020,6029,6033,6038,6060,6066,6070,6075,6092,6111,6136,6162,6166,6195,6199,6216,6225,6234,6244,6255,6266,6277,6282,6286,6325,6329,6346,6355,6359,6364,6392,6401,6407,6424,6455,6462,6478,6484,6488,6493,6525,6562,6568,6572,6578,6582,6603,6612,6630,6648,6652,6657,6684,6713,6717,6722,6751,6766,6800,6818,6833,6838,6842,6858,6867,6895,6905,6934,6941,6969],{"__ignoreMap":1045},[1050,5712,5713],{"class":1052,"line":1053},[1050,5714,5715],{"class":1056},"# middleware.py - Enhanced CSRF middleware\n",[1050,5717,5718,5720],{"class":1052,"line":1060},[1050,5719,2359],{"class":1511},[1050,5721,5722],{"class":1110}," 
time\n",[1050,5724,5725,5727,5729,5731,5734,5736,5738,5740],{"class":1052,"line":1078},[1050,5726,2338],{"class":1511},[1050,5728,2341],{"class":1110},[1050,5730,1358],{"class":1063},[1050,5732,5733],{"class":1110},"middleware",[1050,5735,1358],{"class":1063},[1050,5737,2356],{"class":1110},[1050,5739,2359],{"class":1511},[1050,5741,5742],{"class":1110}," CsrfViewMiddleware\n",[1050,5744,5745,5747,5749,5751,5754,5756,5759,5761],{"class":1052,"line":1088},[1050,5746,2338],{"class":1511},[1050,5748,2341],{"class":1110},[1050,5750,1358],{"class":1063},[1050,5752,5753],{"class":1110},"core",[1050,5755,1358],{"class":1063},[1050,5757,5758],{"class":1110},"cache ",[1050,5760,2359],{"class":1511},[1050,5762,5763],{"class":1110}," cache\n",[1050,5765,5766],{"class":1052,"line":1098},[1050,5767,1700],{"emptyLinePlaceholder":1699},[1050,5769,5770,5772,5775,5777,5780],{"class":1052,"line":1121},[1050,5771,3175],{"class":1480},[1050,5773,5774],{"class":3178}," EnhancedCsrfMiddleware",[1050,5776,1366],{"class":1063},[1050,5778,5779],{"class":3184},"CsrfViewMiddleware",[1050,5781,1493],{"class":1063},[1050,5783,5784,5786,5789],{"class":1052,"line":1130},[1050,5785,1499],{"class":1498},[1050,5787,5788],{"class":1502},"Enhanced CSRF middleware with additional security features",[1050,5790,1506],{"class":1498},[1050,5792,5793],{"class":1052,"line":1140},[1050,5794,1161],{"class":1110},[1050,5796,5797,5799,5802,5804,5806,5808,5810],{"class":1052,"line":1158},[1050,5798,3253],{"class":1480},[1050,5800,5801],{"class":1361}," process_request",[1050,5803,1366],{"class":1063},[1050,5805,3262],{"class":3261},[1050,5807,1639],{"class":1063},[1050,5809,1515],{"class":1489},[1050,5811,1493],{"class":1063},[1050,5813,5814,5816,5819],{"class":1052,"line":1164},[1050,5815,3274],{"class":1498},[1050,5817,5818],{"class":1502},"Enhanced request processing with rate 
limiting",[1050,5820,1506],{"class":1498},[1050,5822,5823],{"class":1052,"line":1170},[1050,5824,1598],{"class":1110},[1050,5826,5827],{"class":1052,"line":1232},[1050,5828,5829],{"class":1056},"        # Rate limit CSRF failures per IP\n",[1050,5831,5832,5835,5837,5839,5841,5844,5846,5848],{"class":1052,"line":1279},[1050,5833,5834],{"class":1110},"        client_ip ",[1050,5836,1181],{"class":1063},[1050,5838,3347],{"class":1791},[1050,5840,1358],{"class":1063},[1050,5842,5843],{"class":1554},"get_client_ip",[1050,5845,1366],{"class":1063},[1050,5847,1490],{"class":1554},[1050,5849,1566],{"class":1063},[1050,5851,5852,5855,5857,5859,5862,5864,5867,5869],{"class":1052,"line":1320},[1050,5853,5854],{"class":1110},"        failure_key ",[1050,5856,1181],{"class":1063},[1050,5858,2836],{"class":1480},[1050,5860,5861],{"class":1188},"\"csrf_failures:",[1050,5863,2843],{"class":2842},[1050,5865,5866],{"class":1110},"client_ip",[1050,5868,2848],{"class":2842},[1050,5870,5871],{"class":1188},"\"\n",[1050,5873,5874,5877,5879,5882,5884,5886,5888,5891,5893,5895],{"class":1052,"line":1330},[1050,5875,5876],{"class":1110},"        failure_count ",[1050,5878,1181],{"class":1063},[1050,5880,5881],{"class":1110}," cache",[1050,5883,1358],{"class":1063},[1050,5885,1555],{"class":1554},[1050,5887,1366],{"class":1063},[1050,5889,5890],{"class":1554},"failure_key",[1050,5892,1639],{"class":1063},[1050,5894,3844],{"class":1842},[1050,5896,1566],{"class":1063},[1050,5898,5899],{"class":1052,"line":1335},[1050,5900,1598],{"class":1110},[1050,5902,5903,5905,5908,5911,5914,5916],{"class":1052,"line":1345},[1050,5904,2484],{"class":1511},[1050,5906,5907],{"class":1110}," failure_count ",[1050,5909,5910],{"class":1524},">=",[1050,5912,5913],{"class":1842}," 10",[1050,5915,2646],{"class":1063},[1050,5917,5918],{"class":1056},"  # Max 10 failures per hour\n",[1050,5920,5921,5924,5926,5928,5930,5932,5935,5937,5939,5941,5943],{"class":1052,"line":1351},[1050,5922,5923],{"class":1110},"         
   logger",[1050,5925,1358],{"class":1063},[1050,5927,5191],{"class":1554},[1050,5929,1366],{"class":1063},[1050,5931,2880],{"class":1480},[1050,5933,5934],{"class":1188},"\"CSRF failure rate limit exceeded for IP: ",[1050,5936,2843],{"class":2842},[1050,5938,5866],{"class":1554},[1050,5940,2848],{"class":2842},[1050,5942,1185],{"class":1188},[1050,5944,1566],{"class":1063},[1050,5946,5947,5949,5952,5954,5956,5959,5961],{"class":1052,"line":1390},[1050,5948,3368],{"class":1511},[1050,5950,5951],{"class":1554}," HttpResponseTooManyRequests",[1050,5953,1366],{"class":1063},[1050,5955,1185],{"class":1184},[1050,5957,5958],{"class":1188},"Too many CSRF failures",[1050,5960,1185],{"class":1184},[1050,5962,1566],{"class":1063},[1050,5964,5965],{"class":1052,"line":1399},[1050,5966,1598],{"class":1110},[1050,5968,5969,5971,5973,5975,5978,5980,5982],{"class":1052,"line":1404},[1050,5970,1653],{"class":1511},[1050,5972,3473],{"class":2990},[1050,5974,3476],{"class":1063},[1050,5976,5977],{"class":1554},"process_request",[1050,5979,1366],{"class":1063},[1050,5981,1490],{"class":1554},[1050,5983,1566],{"class":1063},[1050,5985,5986],{"class":1052,"line":1410},[1050,5987,1161],{"class":1110},[1050,5989,5990,5992,5995,5997,5999,6001,6003,6005,6008,6010,6013,6015,6018],{"class":1052,"line":1444},[1050,5991,3253],{"class":1480},[1050,5993,5994],{"class":1361}," process_view",[1050,5996,1366],{"class":1063},[1050,5998,3262],{"class":3261},[1050,6000,1639],{"class":1063},[1050,6002,1515],{"class":1489},[1050,6004,1639],{"class":1063},[1050,6006,6007],{"class":1489}," callback",[1050,6009,1639],{"class":1063},[1050,6011,6012],{"class":1489}," callback_args",[1050,6014,1639],{"class":1063},[1050,6016,6017],{"class":1489}," callback_kwargs",[1050,6019,1493],{"class":1063},[1050,6021,6022,6024,6027],{"class":1052,"line":1453},[1050,6023,3274],{"class":1498},[1050,6025,6026],{"class":1502},"Enhanced view processing with additional 
validation",[1050,6028,1506],{"class":1498},[1050,6030,6031],{"class":1052,"line":1957},[1050,6032,1598],{"class":1110},[1050,6034,6035],{"class":1052,"line":1968},[1050,6036,6037],{"class":1056},"        # Check for suspicious patterns in CSRF failures\n",[1050,6039,6040,6042,6045,6047,6049,6051,6053,6056,6058],{"class":1052,"line":2714},[1050,6041,2484],{"class":1511},[1050,6043,6044],{"class":5306}," hasattr",[1050,6046,1366],{"class":1063},[1050,6048,1490],{"class":1554},[1050,6050,1639],{"class":1063},[1050,6052,1528],{"class":1184},[1050,6054,6055],{"class":1188},"_csrf_processing_done",[1050,6057,1369],{"class":1184},[1050,6059,1493],{"class":1063},[1050,6061,6062,6064],{"class":1052,"line":2738},[1050,6063,3368],{"class":1511},[1050,6065,1857],{"class":1856},[1050,6067,6068],{"class":1052,"line":2773},[1050,6069,1598],{"class":1110},[1050,6071,6072],{"class":1052,"line":2778},[1050,6073,6074],{"class":1056},"        # Additional CSRF validation for sensitive operations\n",[1050,6076,6077,6079,6081,6083,6086,6088,6090],{"class":1052,"line":2784},[1050,6078,2484],{"class":1511},[1050,6080,3347],{"class":1791},[1050,6082,1358],{"class":1063},[1050,6084,6085],{"class":1554},"is_sensitive_operation",[1050,6087,1366],{"class":1063},[1050,6089,1490],{"class":1554},[1050,6091,1493],{"class":1063},[1050,6093,6094,6096,6098,6100,6102,6105,6107,6109],{"class":1052,"line":2791},[1050,6095,2563],{"class":1511},[1050,6097,3344],{"class":1524},[1050,6099,3347],{"class":1791},[1050,6101,1358],{"class":1063},[1050,6103,6104],{"class":1554},"validate_additional_csrf_checks",[1050,6106,1366],{"class":1063},[1050,6108,1490],{"class":1554},[1050,6110,1493],{"class":1063},[1050,6112,6113,6116,6118,6121,6123,6125,6127,6129,6132,6134],{"class":1052,"line":2820},[1050,6114,6115],{"class":1791},"                
self",[1050,6117,1358],{"class":1063},[1050,6119,6120],{"class":1554},"record_csrf_failure",[1050,6122,1366],{"class":1063},[1050,6124,1490],{"class":1554},[1050,6126,1639],{"class":1063},[1050,6128,2606],{"class":1184},[1050,6130,6131],{"class":1188},"Additional validation failed",[1050,6133,1185],{"class":1184},[1050,6135,1566],{"class":1063},[1050,6137,6138,6140,6142,6144,6147,6149,6151,6153,6155,6158,6160],{"class":1052,"line":2855},[1050,6139,2618],{"class":1511},[1050,6141,3347],{"class":1791},[1050,6143,1358],{"class":1063},[1050,6145,6146],{"class":1554},"csrf_failure",[1050,6148,1366],{"class":1063},[1050,6150,1490],{"class":1554},[1050,6152,1639],{"class":1063},[1050,6154,2606],{"class":1184},[1050,6156,6157],{"class":1188},"Additional validation required",[1050,6159,1185],{"class":1184},[1050,6161,1566],{"class":1063},[1050,6163,6164],{"class":1052,"line":2861},[1050,6165,1598],{"class":1110},[1050,6167,6168,6170,6172,6174,6177,6179,6181,6183,6185,6187,6189,6191,6193],{"class":1052,"line":2867},[1050,6169,1653],{"class":1511},[1050,6171,3473],{"class":2990},[1050,6173,3476],{"class":1063},[1050,6175,6176],{"class":1554},"process_view",[1050,6178,1366],{"class":1063},[1050,6180,1490],{"class":1554},[1050,6182,1639],{"class":1063},[1050,6184,6007],{"class":1554},[1050,6186,1639],{"class":1063},[1050,6188,6012],{"class":1554},[1050,6190,1639],{"class":1063},[1050,6192,6017],{"class":1554},[1050,6194,1566],{"class":1063},[1050,6196,6197],{"class":1052,"line":2923},[1050,6198,1161],{"class":1110},[1050,6200,6201,6203,6206,6208,6210,6212,6214],{"class":1052,"line":2928},[1050,6202,3253],{"class":1480},[1050,6204,6205],{"class":1361}," is_sensitive_operation",[1050,6207,1366],{"class":1063},[1050,6209,3262],{"class":3261},[1050,6211,1639],{"class":1063},[1050,6213,1515],{"class":1489},[1050,6215,1493],{"class":1063},[1050,6217,6218,6220,6223],{"class":1052,"line":2947},[1050,6219,3274],{"class":1498},[1050,6221,6222],{"class":1502},"Check if request is for 
sensitive operation",[1050,6224,1506],{"class":1498},[1050,6226,6227,6230,6232],{"class":1052,"line":2952},[1050,6228,6229],{"class":1110},"        sensitive_paths ",[1050,6231,1181],{"class":1063},[1050,6233,1798],{"class":1063},[1050,6235,6236,6238,6240,6242],{"class":1052,"line":2968},[1050,6237,4357],{"class":1184},[1050,6239,4323],{"class":1188},[1050,6241,1369],{"class":1184},[1050,6243,4328],{"class":1063},[1050,6245,6246,6248,6251,6253],{"class":1052,"line":3007},[1050,6247,4357],{"class":1184},[1050,6249,6250],{"class":1188},"/change-password/",[1050,6252,1369],{"class":1184},[1050,6254,4328],{"class":1063},[1050,6256,6257,6259,6262,6264],{"class":1052,"line":3012},[1050,6258,4357],{"class":1184},[1050,6260,6261],{"class":1188},"/delete-account/",[1050,6263,1369],{"class":1184},[1050,6265,4328],{"class":1063},[1050,6267,6268,6270,6273,6275],{"class":1052,"line":3020},[1050,6269,4357],{"class":1184},[1050,6271,6272],{"class":1188},"/admin/",[1050,6274,1369],{"class":1184},[1050,6276,4328],{"class":1063},[1050,6278,6279],{"class":1052,"line":3045},[1050,6280,6281],{"class":1063},"        ]\n",[1050,6283,6284],{"class":1052,"line":3050},[1050,6285,1598],{"class":1110},[1050,6287,6288,6290,6293,6295,6297,6299,6301,6303,6306,6308,6310,6312,6314,6317,6320,6323],{"class":1052,"line":3058},[1050,6289,1653],{"class":1511},[1050,6291,6292],{"class":5306}," any",[1050,6294,1366],{"class":1063},[1050,6296,1490],{"class":1554},[1050,6298,1358],{"class":1063},[1050,6300,5281],{"class":1520},[1050,6302,1358],{"class":1063},[1050,6304,6305],{"class":1554},"startswith",[1050,6307,1366],{"class":1063},[1050,6309,5281],{"class":1554},[1050,6311,1376],{"class":1063},[1050,6313,2063],{"class":1511},[1050,6315,6316],{"class":1554}," path ",[1050,6318,6319],{"class":1511},"in",[1050,6321,6322],{"class":1554}," 
sensitive_paths",[1050,6324,1566],{"class":1063},[1050,6326,6327],{"class":1052,"line":3070},[1050,6328,1161],{"class":1110},[1050,6330,6331,6333,6336,6338,6340,6342,6344],{"class":1052,"line":3075},[1050,6332,3253],{"class":1480},[1050,6334,6335],{"class":1361}," validate_additional_csrf_checks",[1050,6337,1366],{"class":1063},[1050,6339,3262],{"class":3261},[1050,6341,1639],{"class":1063},[1050,6343,1515],{"class":1489},[1050,6345,1493],{"class":1063},[1050,6347,6348,6350,6353],{"class":1052,"line":3110},[1050,6349,3274],{"class":1498},[1050,6351,6352],{"class":1502},"Additional CSRF validation for sensitive operations",[1050,6354,1506],{"class":1498},[1050,6356,6357],{"class":1052,"line":3115},[1050,6358,1598],{"class":1110},[1050,6360,6361],{"class":1052,"line":3121},[1050,6362,6363],{"class":1056},"        # Check request timing (prevent replay attacks). NOTE: csrf_timestamp is client-supplied and skipped when absent, so it is not a replay defence on its own\n",[1050,6365,6366,6369,6371,6373,6375,6377,6379,6381,6383,6385,6388,6390],{"class":1052,"line":3142},[1050,6367,6368],{"class":1110},"        csrf_time ",[1050,6370,1181],{"class":1063},[1050,6372,1515],{"class":1110},[1050,6374,1358],{"class":1063},[1050,6376,1213],{"class":1549},[1050,6378,1358],{"class":1063},[1050,6380,1555],{"class":1554},[1050,6382,1366],{"class":1063},[1050,6384,1369],{"class":1184},[1050,6386,6387],{"class":1188},"csrf_timestamp",[1050,6389,1369],{"class":1184},[1050,6391,1566],{"class":1063},[1050,6393,6394,6396,6399],{"class":1052,"line":3167},[1050,6395,2484],{"class":1511},[1050,6397,6398],{"class":1110}," csrf_time",[1050,6400,1535],{"class":1063},[1050,6402,6403,6405],{"class":1052,"line":3172},[1050,6404,2665],{"class":1511},[1050,6406,1535],{"class":1063},[1050,6408,6409,6412,6414,6417,6419,6422],{"class":1052,"line":3195},[1050,6410,6411],{"class":1110},"                timestamp ",[1050,6413,1181],{"class":1063},[1050,6415,6416],{"class":2990}," 
float",[1050,6418,1366],{"class":1063},[1050,6420,6421],{"class":1554},"csrf_time",[1050,6423,1566],{"class":1063},[1050,6425,6426,6429,6432,6434,6437,6439,6442,6445,6447,6450,6452],{"class":1052,"line":3205},[1050,6427,6428],{"class":1511},"                if",[1050,6430,6431],{"class":1110}," time",[1050,6433,1358],{"class":1063},[1050,6435,6436],{"class":1554},"time",[1050,6438,1384],{"class":1063},[1050,6440,6441],{"class":1524}," -",[1050,6443,6444],{"class":1110}," timestamp ",[1050,6446,1107],{"class":1524},[1050,6448,6449],{"class":1842}," 300",[1050,6451,2646],{"class":1063},[1050,6453,6454],{"class":1056},"  # 5 minutes max\n",[1050,6456,6457,6460],{"class":1052,"line":3219},[1050,6458,6459],{"class":1511},"                    return",[1050,6461,1976],{"class":1856},[1050,6463,6464,6466,6468,6471,6473,6476],{"class":1052,"line":3230},[1050,6465,2702],{"class":1511},[1050,6467,3764],{"class":1063},[1050,6469,6470],{"class":2990},"ValueError",[1050,6472,1639],{"class":1063},[1050,6474,6475],{"class":2990}," TypeError",[1050,6477,1493],{"class":1063},[1050,6479,6480,6482],{"class":1052,"line":3245},[1050,6481,2618],{"class":1511},[1050,6483,1976],{"class":1856},[1050,6485,6486],{"class":1052,"line":3250},[1050,6487,1598],{"class":1110},[1050,6489,6490],{"class":1052,"line":3271},[1050,6491,6492],{"class":1056},"        # Check referrer for additional validation. NOTE: startswith() is a prefix match; parse the URL and compare the host exactly\n",[1050,6494,6495,6498,6500,6502,6504,6506,6508,6510,6512,6514,6517,6519,6521,6523],{"class":1052,"line":3282},[1050,6496,6497],{"class":1110},"        referer 
",[1050,6499,1181],{"class":1063},[1050,6501,1515],{"class":1110},[1050,6503,1358],{"class":1063},[1050,6505,5255],{"class":1549},[1050,6507,1358],{"class":1063},[1050,6509,1555],{"class":1554},[1050,6511,1366],{"class":1063},[1050,6513,1369],{"class":1184},[1050,6515,6516],{"class":1188},"HTTP_REFERER",[1050,6518,1369],{"class":1184},[1050,6520,1639],{"class":1063},[1050,6522,3788],{"class":1184},[1050,6524,1566],{"class":1063},[1050,6526,6527,6529,6531,6534,6536,6538,6540,6542,6545,6547,6549,6551,6554,6556,6558,6560],{"class":1052,"line":3305},[1050,6528,2484],{"class":1511},[1050,6530,3344],{"class":1524},[1050,6532,6533],{"class":1110}," referer",[1050,6535,1358],{"class":1063},[1050,6537,6305],{"class":1554},[1050,6539,1366],{"class":1063},[1050,6541,2880],{"class":1480},[1050,6543,6544],{"class":1188},"\"https://",[1050,6546,2843],{"class":2842},[1050,6548,1490],{"class":1554},[1050,6550,1358],{"class":1063},[1050,6552,6553],{"class":1554},"get_host",[1050,6555,1384],{"class":1063},[1050,6557,2848],{"class":2842},[1050,6559,1185],{"class":1188},[1050,6561,1493],{"class":1063},[1050,6563,6564,6566],{"class":1052,"line":3328},[1050,6565,3368],{"class":1511},[1050,6567,1976],{"class":1856},[1050,6569,6570],{"class":1052,"line":3333},[1050,6571,1598],{"class":1110},[1050,6573,6574,6576],{"class":1052,"line":3339},[1050,6575,1653],{"class":1511},[1050,6577,3703],{"class":1856},[1050,6579,6580],{"class":1052,"line":3365},[1050,6581,1161],{"class":1110},[1050,6583,6584,6586,6589,6591,6593,6595,6597,6599,6601],{"class":1052,"line":3384},[1050,6585,3253],{"class":1480},[1050,6587,6588],{"class":1361}," record_csrf_failure",[1050,6590,1366],{"class":1063},[1050,6592,3262],{"class":3261},[1050,6594,1639],{"class":1063},[1050,6596,1515],{"class":1489},[1050,6598,1639],{"class":1063},[1050,6600,5156],{"class":1489},[1050,6602,1493],{"class":1063},[1050,6604,6605,6607,6610],{"class":1052,"line":3389},[1050,6606,3274],{"class":1498},[1050,6608,6609],{"class":1502},"Record 
CSRF failure for monitoring",[1050,6611,1506],{"class":1498},[1050,6613,6614,6616,6618,6620,6622,6624,6626,6628],{"class":1052,"line":3395},[1050,6615,5834],{"class":1110},[1050,6617,1181],{"class":1063},[1050,6619,3347],{"class":1791},[1050,6621,1358],{"class":1063},[1050,6623,5843],{"class":1554},[1050,6625,1366],{"class":1063},[1050,6627,1490],{"class":1554},[1050,6629,1566],{"class":1063},[1050,6631,6632,6634,6636,6638,6640,6642,6644,6646],{"class":1052,"line":3403},[1050,6633,5854],{"class":1110},[1050,6635,1181],{"class":1063},[1050,6637,2836],{"class":1480},[1050,6639,5861],{"class":1188},[1050,6641,2843],{"class":2842},[1050,6643,5866],{"class":1110},[1050,6645,2848],{"class":2842},[1050,6647,5871],{"class":1188},[1050,6649,6650],{"class":1052,"line":3435},[1050,6651,1598],{"class":1110},[1050,6653,6654],{"class":1052,"line":3468},[1050,6655,6656],{"class":1056},"        # Increment failure count\n",[1050,6658,6659,6661,6663,6665,6667,6669,6671,6673,6675,6677,6679,6681],{"class":1052,"line":3488},[1050,6660,5876],{"class":1110},[1050,6662,1181],{"class":1063},[1050,6664,5881],{"class":1110},[1050,6666,1358],{"class":1063},[1050,6668,1555],{"class":1554},[1050,6670,1366],{"class":1063},[1050,6672,5890],{"class":1554},[1050,6674,1639],{"class":1063},[1050,6676,3844],{"class":1842},[1050,6678,1376],{"class":1063},[1050,6680,3927],{"class":1524},[1050,6682,6683],{"class":1842}," 1\n",[1050,6685,6686,6689,6691,6694,6696,6698,6700,6703,6705,6708,6710],{"class":1052,"line":3493},[1050,6687,6688],{"class":1110},"        cache",[1050,6690,1358],{"class":1063},[1050,6692,6693],{"class":1554},"set",[1050,6695,1366],{"class":1063},[1050,6697,5890],{"class":1554},[1050,6699,1639],{"class":1063},[1050,6701,6702],{"class":1554}," failure_count",[1050,6704,1639],{"class":1063},[1050,6706,6707],{"class":1842}," 3600",[1050,6709,1376],{"class":1063},[1050,6711,6712],{"class":1056},"  # 1 
hour\n",[1050,6714,6715],{"class":1052,"line":3507},[1050,6716,1598],{"class":1110},[1050,6718,6719],{"class":1052,"line":3545},[1050,6720,6721],{"class":1056},"        # Log failure\n",[1050,6723,6724,6727,6729,6731,6733,6735,6737,6739,6741,6743,6745,6747,6749],{"class":1052,"line":3562},[1050,6725,6726],{"class":1110},"        logger",[1050,6728,1358],{"class":1063},[1050,6730,5191],{"class":1554},[1050,6732,1366],{"class":1063},[1050,6734,2880],{"class":1480},[1050,6736,5198],{"class":1188},[1050,6738,2843],{"class":2842},[1050,6740,5203],{"class":1554},[1050,6742,2848],{"class":2842},[1050,6744,1185],{"class":1188},[1050,6746,1639],{"class":1063},[1050,6748,5212],{"class":2691},[1050,6750,5215],{"class":1063},[1050,6752,6753,6755,6757,6759,6761,6764],{"class":1052,"line":3567},[1050,6754,4357],{"class":1184},[1050,6756,5223],{"class":1188},[1050,6758,1369],{"class":1184},[1050,6760,2646],{"class":1063},[1050,6762,6763],{"class":1554}," client_ip",[1050,6765,4328],{"class":1063},[1050,6767,6768,6770,6772,6774,6776,6778,6780,6782,6784,6786,6788,6790,6792,6794,6796,6798],{"class":1052,"line":3589},[1050,6769,4357],{"class":1184},[1050,6771,5244],{"class":1188},[1050,6773,1369],{"class":1184},[1050,6775,2646],{"class":1063},[1050,6777,1515],{"class":1554},[1050,6779,1358],{"class":1063},[1050,6781,5255],{"class":1549},[1050,6783,1358],{"class":1063},[1050,6785,1555],{"class":1554},[1050,6787,1366],{"class":1063},[1050,6789,1369],{"class":1184},[1050,6791,5266],{"class":1188},[1050,6793,1369],{"class":1184},[1050,6795,1639],{"class":1063},[1050,6797,3788],{"class":1184},[1050,6799,5237],{"class":1063},[1050,6801,6802,6804,6806,6808,6810,6812,6814,6816],{"class":1052,"line":3599},[1050,6803,4357],{"class":1184},[1050,6805,5281],{"class":1188},[1050,6807,1369],{"class":1184},[1050,6809,2646],{"class":1063},[1050,6811,1515],{"class":1554},[1050,6813,1358],{"class":1063},[1050,6815,5281],{"class":1520},[1050,6817,4328],{"class":1063},[1050,6819,6820,6822,6825,6827,6829,6
831],{"class":1052,"line":3605},[1050,6821,4357],{"class":1184},[1050,6823,6824],{"class":1188},"failure_count",[1050,6826,1369],{"class":1184},[1050,6828,2646],{"class":1063},[1050,6830,6702],{"class":1554},[1050,6832,4328],{"class":1063},[1050,6834,6835],{"class":1052,"line":3634},[1050,6836,6837],{"class":1063},"        })\n",[1050,6839,6840],{"class":1052,"line":3658},[1050,6841,1161],{"class":1110},[1050,6843,6844,6846,6848,6850,6852,6854,6856],{"class":1052,"line":3686},[1050,6845,3253],{"class":1480},[1050,6847,5230],{"class":1361},[1050,6849,1366],{"class":1063},[1050,6851,3262],{"class":3261},[1050,6853,1639],{"class":1063},[1050,6855,1515],{"class":1489},[1050,6857,1493],{"class":1063},[1050,6859,6860,6862,6865],{"class":1052,"line":3693},[1050,6861,3274],{"class":1498},[1050,6863,6864],{"class":1502},"Get client IP address. NOTE: X-Forwarded-For is client-controlled unless a trusted proxy sets it",[1050,6866,1506],{"class":1498},[1050,6868,6869,6872,6874,6876,6878,6880,6882,6884,6886,6888,6891,6893],{"class":1052,"line":3698},[1050,6870,6871],{"class":1110},"        x_forwarded_for ",[1050,6873,1181],{"class":1063},[1050,6875,1515],{"class":1110},[1050,6877,1358],{"class":1063},[1050,6879,5255],{"class":1549},[1050,6881,1358],{"class":1063},[1050,6883,1555],{"class":1554},[1050,6885,1366],{"class":1063},[1050,6887,1369],{"class":1184},[1050,6889,6890],{"class":1188},"HTTP_X_FORWARDED_FOR",[1050,6892,1369],{"class":1184},[1050,6894,1566],{"class":1063},[1050,6896,6898,6900,6903],{"class":1052,"line":6897},89,[1050,6899,2484],{"class":1511},[1050,6901,6902],{"class":1110}," x_forwarded_for",[1050,6904,1535],{"class":1063},[1050,6906,6908,6911,6913,6915,6917,6919,6921,6923,6925,6927,6930,6932],{"class":1052,"line":6907},90,[1050,6909,6910],{"class":1110},"            ip 
",[1050,6912,1181],{"class":1063},[1050,6914,6902],{"class":1110},[1050,6916,1358],{"class":1063},[1050,6918,3813],{"class":1554},[1050,6920,1366],{"class":1063},[1050,6922,1369],{"class":1184},[1050,6924,1639],{"class":1188},[1050,6926,1369],{"class":1184},[1050,6928,6929],{"class":1063},")[",[1050,6931,3916],{"class":1842},[1050,6933,1823],{"class":1063},[1050,6935,6937,6939],{"class":1052,"line":6936},91,[1050,6938,3015],{"class":1511},[1050,6940,1535],{"class":1063},[1050,6942,6944,6946,6948,6950,6952,6954,6956,6958,6960,6962,6965,6967],{"class":1052,"line":6943},92,[1050,6945,6910],{"class":1110},[1050,6947,1181],{"class":1063},[1050,6949,1515],{"class":1110},[1050,6951,1358],{"class":1063},[1050,6953,5255],{"class":1549},[1050,6955,1358],{"class":1063},[1050,6957,1555],{"class":1554},[1050,6959,1366],{"class":1063},[1050,6961,1369],{"class":1184},[1050,6963,6964],{"class":1188},"REMOTE_ADDR",[1050,6966,1369],{"class":1184},[1050,6968,1566],{"class":1063},[1050,6970,6972,6974],{"class":1052,"line":6971},93,[1050,6973,1653],{"class":1511},[1050,6975,6976],{"class":1110}," ip\n",[1030,6978,6980],{"id":6979},"csrf-exemptions-and-special-cases","CSRF Exemptions and Special Cases",[1035,6982,6984],{"id":6983},"when-to-exempt-views-from-csrf","When to Exempt Views from CSRF",[1040,6986,6988],{"className":1466,"code":6987,"language":1468,"meta":1045,"style":1045},"# views.py - CSRF exemptions (use carefully!)\nfrom django.views.decorators.csrf import csrf_exempt\nfrom django.utils.decorators import method_decorator\n\n# API endpoints that use other authentication methods\n@csrf_exempt\ndef api_webhook(request):\n    \"\"\"Webhook endpoint with alternative authentication\"\"\"\n    \n    # Verify webhook signature instead of CSRF\n    signature = request.META.get('HTTP_X_WEBHOOK_SIGNATURE')\n    if not verify_webhook_signature(request.body, signature):\n        return HttpResponseForbidden(\"Invalid signature\")\n    \n    # Process webhook\n    data = 
json.loads(request.body)\n    process_webhook_data(data)\n    \n    return JsonResponse({'status': 'success'})\n\n# Class-based view exemption\n@method_decorator(csrf_exempt, name='dispatch')\nclass APIWebhookView(View):\n    \"\"\"API webhook with custom authentication\"\"\"\n    \n    def post(self, request):\n        # Custom authentication logic\n        if not self.authenticate_api_request(request):\n            return HttpResponseForbidden(\"Authentication failed\")\n        \n        # Process request\n        return JsonResponse({'status': 'received'})\n    \n    def authenticate_api_request(self, request):\n        \"\"\"Custom API authentication\"\"\"\n        api_key = request.META.get('HTTP_X_API_KEY')\n        return api_key and verify_api_key(api_key)\n\n# Partial CSRF exemption for specific methods\nfrom django.views.decorators.csrf import requires_csrf_token\n\n@requires_csrf_token\ndef mixed_endpoint(request):\n    \"\"\"Endpoint that requires CSRF for some methods but not others\"\"\"\n    \n    if request.method == 'GET':\n        # GET requests don't need CSRF protection\n        return render(request, 'form.html')\n    \n    elif request.method == 'POST':\n        # POST requests are automatically protected by CSRF middleware\n        # Process form submission\n        pass\n",[1047,6989,6990,6995,7018,7038,7042,7047,7054,7067,7076,7080,7085,7113,7137,7155,7159,7164,7189,7201,7205,7231,7235,7240,7267,7281,7290,7294,7311,7316,7335,7352,7356,7361,7386,7390,7407,7416,7444,7464,7468,7473,7496,7500,7507,7520,7529,7533,7553,7558,7579,7583,7604,7609,7614],{"__ignoreMap":1045},[1050,6991,6992],{"class":1052,"line":1053},[1050,6993,6994],{"class":1056},"# views.py - CSRF exemptions (use 
carefully!)\n",[1050,6996,6997,6999,7001,7003,7005,7007,7009,7011,7013,7015],{"class":1052,"line":1060},[1050,6998,2338],{"class":1511},[1050,7000,2341],{"class":1110},[1050,7002,1358],{"class":1063},[1050,7004,2346],{"class":1110},[1050,7006,1358],{"class":1063},[1050,7008,2351],{"class":1110},[1050,7010,1358],{"class":1063},[1050,7012,2356],{"class":1110},[1050,7014,2359],{"class":1511},[1050,7016,7017],{"class":1110}," csrf_exempt\n",[1050,7019,7020,7022,7024,7026,7029,7031,7033,7035],{"class":1052,"line":1078},[1050,7021,2338],{"class":1511},[1050,7023,2341],{"class":1110},[1050,7025,1358],{"class":1063},[1050,7027,7028],{"class":1110},"utils",[1050,7030,1358],{"class":1063},[1050,7032,2383],{"class":1110},[1050,7034,2359],{"class":1511},[1050,7036,7037],{"class":1110}," method_decorator\n",[1050,7039,7040],{"class":1052,"line":1088},[1050,7041,1700],{"emptyLinePlaceholder":1699},[1050,7043,7044],{"class":1052,"line":1098},[1050,7045,7046],{"class":1056},"# API endpoints that use other authentication methods\n",[1050,7048,7049,7051],{"class":1052,"line":1121},[1050,7050,2397],{"class":1063},[1050,7052,7053],{"class":1361},"csrf_exempt\n",[1050,7055,7056,7058,7061,7063,7065],{"class":1052,"line":1130},[1050,7057,1481],{"class":1480},[1050,7059,7060],{"class":1361}," api_webhook",[1050,7062,1366],{"class":1063},[1050,7064,1490],{"class":1489},[1050,7066,1493],{"class":1063},[1050,7068,7069,7071,7074],{"class":1052,"line":1140},[1050,7070,1499],{"class":1498},[1050,7072,7073],{"class":1502},"Webhook endpoint with alternative authentication",[1050,7075,1506],{"class":1498},[1050,7077,7078],{"class":1052,"line":1158},[1050,7079,1161],{"class":1110},[1050,7081,7082],{"class":1052,"line":1164},[1050,7083,7084],{"class":1056},"    # Verify webhook signature instead of CSRF\n",[1050,7086,7087,7090,7092,7094,7096,7098,7100,7102,7104,7106,7109,7111],{"class":1052,"line":1170},[1050,7088,7089],{"class":1110},"    signature 
",[1050,7091,1181],{"class":1063},[1050,7093,1515],{"class":1110},[1050,7095,1358],{"class":1063},[1050,7097,5255],{"class":1549},[1050,7099,1358],{"class":1063},[1050,7101,1555],{"class":1554},[1050,7103,1366],{"class":1063},[1050,7105,1369],{"class":1184},[1050,7107,7108],{"class":1188},"HTTP_X_WEBHOOK_SIGNATURE",[1050,7110,1369],{"class":1184},[1050,7112,1566],{"class":1063},[1050,7114,7115,7117,7119,7122,7124,7126,7128,7130,7132,7135],{"class":1052,"line":1232},[1050,7116,1512],{"class":1511},[1050,7118,3344],{"class":1524},[1050,7120,7121],{"class":1554}," verify_webhook_signature",[1050,7123,1366],{"class":1063},[1050,7125,1490],{"class":1554},[1050,7127,1358],{"class":1063},[1050,7129,1135],{"class":1520},[1050,7131,1639],{"class":1063},[1050,7133,7134],{"class":1554}," signature",[1050,7136,1493],{"class":1063},[1050,7138,7139,7141,7144,7146,7148,7151,7153],{"class":1052,"line":1279},[1050,7140,1653],{"class":1511},[1050,7142,7143],{"class":1554}," HttpResponseForbidden",[1050,7145,1366],{"class":1063},[1050,7147,1185],{"class":1184},[1050,7149,7150],{"class":1188},"Invalid signature",[1050,7152,1185],{"class":1184},[1050,7154,1566],{"class":1063},[1050,7156,7157],{"class":1052,"line":1320},[1050,7158,1161],{"class":1110},[1050,7160,7161],{"class":1052,"line":1330},[1050,7162,7163],{"class":1056},"    # Process webhook\n",[1050,7165,7166,7169,7171,7174,7176,7179,7181,7183,7185,7187],{"class":1052,"line":1335},[1050,7167,7168],{"class":1110},"    data ",[1050,7170,1181],{"class":1063},[1050,7172,7173],{"class":1110}," json",[1050,7175,1358],{"class":1063},[1050,7177,7178],{"class":1554},"loads",[1050,7180,1366],{"class":1063},[1050,7182,1490],{"class":1554},[1050,7184,1358],{"class":1063},[1050,7186,1135],{"class":1520},[1050,7188,1566],{"class":1063},[1050,7190,7191,7194,7196,7199],{"class":1052,"line":1345},[1050,7192,7193],{"class":1554},"    
process_webhook_data",[1050,7195,1366],{"class":1063},[1050,7197,7198],{"class":1554},"data",[1050,7200,1566],{"class":1063},[1050,7202,7203],{"class":1052,"line":1351},[1050,7204,1161],{"class":1110},[1050,7206,7207,7209,7211,7214,7216,7219,7221,7223,7225,7227,7229],{"class":1052,"line":1390},[1050,7208,1676],{"class":1511},[1050,7210,5397],{"class":1554},[1050,7212,7213],{"class":1063},"({",[1050,7215,1369],{"class":1184},[1050,7217,7218],{"class":1188},"status",[1050,7220,1369],{"class":1184},[1050,7222,2646],{"class":1063},[1050,7224,1528],{"class":1184},[1050,7226,2827],{"class":1188},[1050,7228,1369],{"class":1184},[1050,7230,2651],{"class":1063},[1050,7232,7233],{"class":1052,"line":1399},[1050,7234,1700],{"emptyLinePlaceholder":1699},[1050,7236,7237],{"class":1052,"line":1404},[1050,7238,7239],{"class":1056},"# Class-based view exemption\n",[1050,7241,7242,7244,7247,7249,7252,7254,7256,7258,7260,7263,7265],{"class":1052,"line":1410},[1050,7243,2397],{"class":1063},[1050,7245,7246],{"class":1361},"method_decorator",[1050,7248,1366],{"class":1063},[1050,7250,7251],{"class":1554},"csrf_exempt",[1050,7253,1639],{"class":1063},[1050,7255,1253],{"class":2691},[1050,7257,1181],{"class":1063},[1050,7259,1369],{"class":1184},[1050,7261,7262],{"class":1188},"dispatch",[1050,7264,1369],{"class":1184},[1050,7266,1566],{"class":1063},[1050,7268,7269,7271,7274,7276,7279],{"class":1052,"line":1444},[1050,7270,3175],{"class":1480},[1050,7272,7273],{"class":3178}," APIWebhookView",[1050,7275,1366],{"class":1063},[1050,7277,7278],{"class":3184},"View",[1050,7280,1493],{"class":1063},[1050,7282,7283,7285,7288],{"class":1052,"line":1453},[1050,7284,1499],{"class":1498},[1050,7286,7287],{"class":1502},"API webhook with custom 
authentication",[1050,7289,1506],{"class":1498},[1050,7291,7292],{"class":1052,"line":1957},[1050,7293,1161],{"class":1110},[1050,7295,7296,7298,7301,7303,7305,7307,7309],{"class":1052,"line":1968},[1050,7297,3253],{"class":1480},[1050,7299,7300],{"class":1361}," post",[1050,7302,1366],{"class":1063},[1050,7304,3262],{"class":3261},[1050,7306,1639],{"class":1063},[1050,7308,1515],{"class":1489},[1050,7310,1493],{"class":1063},[1050,7312,7313],{"class":1052,"line":2714},[1050,7314,7315],{"class":1056},"        # Custom authentication logic\n",[1050,7317,7318,7320,7322,7324,7326,7329,7331,7333],{"class":1052,"line":2738},[1050,7319,2484],{"class":1511},[1050,7321,3344],{"class":1524},[1050,7323,3347],{"class":1791},[1050,7325,1358],{"class":1063},[1050,7327,7328],{"class":1554},"authenticate_api_request",[1050,7330,1366],{"class":1063},[1050,7332,1490],{"class":1554},[1050,7334,1493],{"class":1063},[1050,7336,7337,7339,7341,7343,7345,7348,7350],{"class":1052,"line":2773},[1050,7338,3368],{"class":1511},[1050,7340,7143],{"class":1554},[1050,7342,1366],{"class":1063},[1050,7344,1185],{"class":1184},[1050,7346,7347],{"class":1188},"Authentication failed",[1050,7349,1185],{"class":1184},[1050,7351,1566],{"class":1063},[1050,7353,7354],{"class":1052,"line":2778},[1050,7355,1598],{"class":1110},[1050,7357,7358],{"class":1052,"line":2784},[1050,7359,7360],{"class":1056},"        # Process 
request\n",[1050,7362,7363,7365,7367,7369,7371,7373,7375,7377,7379,7382,7384],{"class":1052,"line":2791},[1050,7364,1653],{"class":1511},[1050,7366,5397],{"class":1554},[1050,7368,7213],{"class":1063},[1050,7370,1369],{"class":1184},[1050,7372,7218],{"class":1188},[1050,7374,1369],{"class":1184},[1050,7376,2646],{"class":1063},[1050,7378,1528],{"class":1184},[1050,7380,7381],{"class":1188},"received",[1050,7383,1369],{"class":1184},[1050,7385,2651],{"class":1063},[1050,7387,7388],{"class":1052,"line":2820},[1050,7389,1161],{"class":1110},[1050,7391,7392,7394,7397,7399,7401,7403,7405],{"class":1052,"line":2855},[1050,7393,3253],{"class":1480},[1050,7395,7396],{"class":1361}," authenticate_api_request",[1050,7398,1366],{"class":1063},[1050,7400,3262],{"class":3261},[1050,7402,1639],{"class":1063},[1050,7404,1515],{"class":1489},[1050,7406,1493],{"class":1063},[1050,7408,7409,7411,7414],{"class":1052,"line":2861},[1050,7410,3274],{"class":1498},[1050,7412,7413],{"class":1502},"Custom API authentication",[1050,7415,1506],{"class":1498},[1050,7417,7418,7421,7423,7425,7427,7429,7431,7433,7435,7437,7440,7442],{"class":1052,"line":2867},[1050,7419,7420],{"class":1110},"        api_key ",[1050,7422,1181],{"class":1063},[1050,7424,1515],{"class":1110},[1050,7426,1358],{"class":1063},[1050,7428,5255],{"class":1549},[1050,7430,1358],{"class":1063},[1050,7432,1555],{"class":1554},[1050,7434,1366],{"class":1063},[1050,7436,1369],{"class":1184},[1050,7438,7439],{"class":1188},"HTTP_X_API_KEY",[1050,7441,1369],{"class":1184},[1050,7443,1566],{"class":1063},[1050,7445,7446,7448,7451,7454,7457,7459,7462],{"class":1052,"line":2923},[1050,7447,1653],{"class":1511},[1050,7449,7450],{"class":1110}," api_key ",[1050,7452,7453],{"class":1524},"and",[1050,7455,7456],{"class":1554}," 
verify_api_key",[1050,7458,1366],{"class":1063},[1050,7460,7461],{"class":1554},"api_key",[1050,7463,1566],{"class":1063},[1050,7465,7466],{"class":1052,"line":2928},[1050,7467,1700],{"emptyLinePlaceholder":1699},[1050,7469,7470],{"class":1052,"line":2947},[1050,7471,7472],{"class":1056},"# Partial CSRF exemption for specific methods\n",[1050,7474,7475,7477,7479,7481,7483,7485,7487,7489,7491,7493],{"class":1052,"line":2952},[1050,7476,2338],{"class":1511},[1050,7478,2341],{"class":1110},[1050,7480,1358],{"class":1063},[1050,7482,2346],{"class":1110},[1050,7484,1358],{"class":1063},[1050,7486,2351],{"class":1110},[1050,7488,1358],{"class":1063},[1050,7490,2356],{"class":1110},[1050,7492,2359],{"class":1511},[1050,7494,7495],{"class":1110}," requires_csrf_token\n",[1050,7497,7498],{"class":1052,"line":2968},[1050,7499,1700],{"emptyLinePlaceholder":1699},[1050,7501,7502,7504],{"class":1052,"line":3007},[1050,7503,2397],{"class":1063},[1050,7505,7506],{"class":1361},"requires_csrf_token\n",[1050,7508,7509,7511,7514,7516,7518],{"class":1052,"line":3012},[1050,7510,1481],{"class":1480},[1050,7512,7513],{"class":1361}," mixed_endpoint",[1050,7515,1366],{"class":1063},[1050,7517,1490],{"class":1489},[1050,7519,1493],{"class":1063},[1050,7521,7522,7524,7527],{"class":1052,"line":3020},[1050,7523,1499],{"class":1498},[1050,7525,7526],{"class":1502},"Endpoint that requires CSRF for some methods but not others",[1050,7528,1506],{"class":1498},[1050,7530,7531],{"class":1052,"line":3045},[1050,7532,1161],{"class":1110},[1050,7534,7535,7537,7539,7541,7543,7545,7547,7549,7551],{"class":1052,"line":3050},[1050,7536,1512],{"class":1511},[1050,7538,1515],{"class":1110},[1050,7540,1358],{"class":1063},[1050,7542,1521],{"class":1520},[1050,7544,1525],{"class":1524},[1050,7546,1528],{"class":1184},[1050,7548,4100],{"class":1188},[1050,7550,1369],{"class":1184},[1050,7552,1535],{"class":1063},[1050,7554,7555],{"class":1052,"line":3058},[1050,7556,7557],{"class":1056},"        # GET 
requests don't need CSRF protection\n",[1050,7559,7560,7562,7564,7566,7568,7570,7572,7575,7577],{"class":1052,"line":3070},[1050,7561,1653],{"class":1511},[1050,7563,1679],{"class":1554},[1050,7565,1366],{"class":1063},[1050,7567,1490],{"class":1554},[1050,7569,1639],{"class":1063},[1050,7571,1528],{"class":1184},[1050,7573,7574],{"class":1188},"form.html",[1050,7576,1369],{"class":1184},[1050,7578,1566],{"class":1063},[1050,7580,7581],{"class":1052,"line":3075},[1050,7582,1161],{"class":1110},[1050,7584,7585,7588,7590,7592,7594,7596,7598,7600,7602],{"class":1052,"line":3110},[1050,7586,7587],{"class":1511},"    elif",[1050,7589,1515],{"class":1110},[1050,7591,1358],{"class":1063},[1050,7593,1521],{"class":1520},[1050,7595,1525],{"class":1524},[1050,7597,1528],{"class":1184},[1050,7599,1213],{"class":1188},[1050,7601,1369],{"class":1184},[1050,7603,1535],{"class":1063},[1050,7605,7606],{"class":1052,"line":3115},[1050,7607,7608],{"class":1056},"        # POST requests are automatically protected by CSRF middleware\n",[1050,7610,7611],{"class":1052,"line":3121},[1050,7612,7613],{"class":1056},"        # Process form submission\n",[1050,7615,7616],{"class":1052,"line":3142},[1050,7617,7618],{"class":1511},"        pass\n",[1035,7620,7622],{"id":7621},"api-authentication-vs-csrf","API Authentication vs CSRF",[1040,7624,7626],{"className":1466,"code":7625,"language":1468,"meta":1045,"style":1045},"# API views with token authentication instead of CSRF\nfrom rest_framework.decorators import api_view, authentication_classes, permission_classes\nfrom rest_framework.authentication import TokenAuthentication\nfrom rest_framework.permissions import IsAuthenticated\n\n@api_view(['POST'])\n@authentication_classes([TokenAuthentication])\n@permission_classes([IsAuthenticated])\ndef api_transfer_money(request):\n    \"\"\"API endpoint with token authentication (no CSRF needed)\"\"\"\n    \n    serializer = MoneyTransferSerializer(data=request.data)\n    if serializer.is_valid():\n 
       # Additional API-specific validation\n        if not validate_api_transfer_limits(request.user, serializer.validated_data):\n            return Response({'error': 'Transfer limits exceeded'}, status=400)\n        \n        # Process transfer\n        try:\n            result = process_money_transfer(\n                user=request.user,\n                **serializer.validated_data\n            )\n            return Response({'status': 'success', 'transaction_id': result.id})\n            \n        except TransferError as e:\n            return Response({'error': str(e)}, status=400)\n    \n    return Response(serializer.errors, status=400)\n\n# Custom authentication middleware for APIs\nclass APIAuthenticationMiddleware:\n    \"\"\"Custom API authentication that bypasses CSRF for authenticated API requests\"\"\"\n    \n    def __init__(self, get_response):\n        self.get_response = get_response\n    \n    def __call__(self, request):\n        # Check if this is an API request with valid token\n        if request.path.startswith('/api/'):\n            api_token = request.META.get('HTTP_AUTHORIZATION')\n            if api_token and api_token.startswith('Token '):\n                token = api_token[6:]  # Remove 'Token ' prefix\n                user = self.authenticate_token(token)\n                if user:\n                    request.user = user\n                    # Mark request as API authenticated (bypass CSRF)\n                    request._dont_enforce_csrf_checks = True\n        \n        response = self.get_response(request)\n        return response\n    \n    def authenticate_token(self, token):\n        \"\"\"Authenticate API token\"\"\"\n        try:\n            from rest_framework.authtoken.models import Token\n            token_obj = Token.objects.get(key=token)\n            return token_obj.user\n        except Token.DoesNotExist:\n            return 
None\n",[1047,7627,7628,7633,7659,7675,7691,7695,7714,7728,7742,7755,7764,7768,7792,7805,7810,7838,7874,7878,7883,7889,7902,7917,7930,7935,7977,7981,7993,8027,8031,8056,8060,8065,8074,8083,8087,8105,8120,8124,8141,8146,8171,8199,8226,8246,8266,8275,8289,8294,8307,8311,8330,8337,8341,8359,8368,8374,8396,8425,8437,8449],{"__ignoreMap":1045},[1050,7629,7630],{"class":1052,"line":1053},[1050,7631,7632],{"class":1056},"# API views with token authentication instead of CSRF\n",[1050,7634,7635,7637,7640,7642,7644,7646,7649,7651,7654,7656],{"class":1052,"line":1060},[1050,7636,2338],{"class":1511},[1050,7638,7639],{"class":1110}," rest_framework",[1050,7641,1358],{"class":1063},[1050,7643,2383],{"class":1110},[1050,7645,2359],{"class":1511},[1050,7647,7648],{"class":1110}," api_view",[1050,7650,1639],{"class":1063},[1050,7652,7653],{"class":1110}," authentication_classes",[1050,7655,1639],{"class":1063},[1050,7657,7658],{"class":1110}," permission_classes\n",[1050,7660,7661,7663,7665,7667,7670,7672],{"class":1052,"line":1078},[1050,7662,2338],{"class":1511},[1050,7664,7639],{"class":1110},[1050,7666,1358],{"class":1063},[1050,7668,7669],{"class":1110},"authentication ",[1050,7671,2359],{"class":1511},[1050,7673,7674],{"class":1110}," TokenAuthentication\n",[1050,7676,7677,7679,7681,7683,7686,7688],{"class":1052,"line":1088},[1050,7678,2338],{"class":1511},[1050,7680,7639],{"class":1110},[1050,7682,1358],{"class":1063},[1050,7684,7685],{"class":1110},"permissions ",[1050,7687,2359],{"class":1511},[1050,7689,7690],{"class":1110}," 
IsAuthenticated\n",[1050,7692,7693],{"class":1052,"line":1098},[1050,7694,1700],{"emptyLinePlaceholder":1699},[1050,7696,7697,7699,7702,7705,7707,7709,7711],{"class":1052,"line":1121},[1050,7698,2397],{"class":1063},[1050,7700,7701],{"class":1361},"api_view",[1050,7703,7704],{"class":1063},"([",[1050,7706,1369],{"class":1184},[1050,7708,1213],{"class":1188},[1050,7710,1369],{"class":1184},[1050,7712,7713],{"class":1063},"])\n",[1050,7715,7716,7718,7721,7723,7726],{"class":1052,"line":1130},[1050,7717,2397],{"class":1063},[1050,7719,7720],{"class":1361},"authentication_classes",[1050,7722,7704],{"class":1063},[1050,7724,7725],{"class":1554},"TokenAuthentication",[1050,7727,7713],{"class":1063},[1050,7729,7730,7732,7735,7737,7740],{"class":1052,"line":1140},[1050,7731,2397],{"class":1063},[1050,7733,7734],{"class":1361},"permission_classes",[1050,7736,7704],{"class":1063},[1050,7738,7739],{"class":1554},"IsAuthenticated",[1050,7741,7713],{"class":1063},[1050,7743,7744,7746,7749,7751,7753],{"class":1052,"line":1158},[1050,7745,1481],{"class":1480},[1050,7747,7748],{"class":1361}," api_transfer_money",[1050,7750,1366],{"class":1063},[1050,7752,1490],{"class":1489},[1050,7754,1493],{"class":1063},[1050,7756,7757,7759,7762],{"class":1052,"line":1164},[1050,7758,1499],{"class":1498},[1050,7760,7761],{"class":1502},"API endpoint with token authentication (no CSRF needed)",[1050,7763,1506],{"class":1498},[1050,7765,7766],{"class":1052,"line":1170},[1050,7767,1161],{"class":1110},[1050,7769,7770,7773,7775,7778,7780,7782,7784,7786,7788,7790],{"class":1052,"line":1232},[1050,7771,7772],{"class":1110},"    serializer ",[1050,7774,1181],{"class":1063},[1050,7776,7777],{"class":1554}," 
MoneyTransferSerializer",[1050,7779,1366],{"class":1063},[1050,7781,7198],{"class":2691},[1050,7783,1181],{"class":1063},[1050,7785,1490],{"class":1554},[1050,7787,1358],{"class":1063},[1050,7789,7198],{"class":1520},[1050,7791,1566],{"class":1063},[1050,7793,7794,7796,7799,7801,7803],{"class":1052,"line":1279},[1050,7795,1512],{"class":1511},[1050,7797,7798],{"class":1110}," serializer",[1050,7800,1358],{"class":1063},[1050,7802,2492],{"class":1554},[1050,7804,2495],{"class":1063},[1050,7806,7807],{"class":1052,"line":1320},[1050,7808,7809],{"class":1056},"        # Additional API-specific validation\n",[1050,7811,7812,7814,7816,7819,7821,7823,7825,7827,7829,7831,7833,7836],{"class":1052,"line":1330},[1050,7813,2484],{"class":1511},[1050,7815,3344],{"class":1524},[1050,7817,7818],{"class":1554}," validate_api_transfer_limits",[1050,7820,1366],{"class":1063},[1050,7822,1490],{"class":1554},[1050,7824,1358],{"class":1063},[1050,7826,1617],{"class":1520},[1050,7828,1639],{"class":1063},[1050,7830,7798],{"class":1554},[1050,7832,1358],{"class":1063},[1050,7834,7835],{"class":1520},"validated_data",[1050,7837,1493],{"class":1063},[1050,7839,7840,7842,7845,7847,7849,7851,7853,7855,7857,7860,7862,7865,7867,7869,7872],{"class":1052,"line":1335},[1050,7841,3368],{"class":1511},[1050,7843,7844],{"class":1554}," Response",[1050,7846,7213],{"class":1063},[1050,7848,1369],{"class":1184},[1050,7850,2597],{"class":1188},[1050,7852,1369],{"class":1184},[1050,7854,2646],{"class":1063},[1050,7856,1528],{"class":1184},[1050,7858,7859],{"class":1188},"Transfer limits exceeded",[1050,7861,1369],{"class":1184},[1050,7863,7864],{"class":1063},"},",[1050,7866,4460],{"class":2691},[1050,7868,1181],{"class":1063},[1050,7870,7871],{"class":1842},"400",[1050,7873,1566],{"class":1063},[1050,7875,7876],{"class":1052,"line":1345},[1050,7877,1598],{"class":1110},[1050,7879,7880],{"class":1052,"line":1351},[1050,7881,7882],{"class":1056},"        # Process 
transfer\n",[1050,7884,7885,7887],{"class":1052,"line":1390},[1050,7886,3398],{"class":1511},[1050,7888,1535],{"class":1063},[1050,7890,7891,7894,7896,7899],{"class":1052,"line":1399},[1050,7892,7893],{"class":1110},"            result ",[1050,7895,1181],{"class":1063},[1050,7897,7898],{"class":1554}," process_money_transfer",[1050,7900,7901],{"class":1063},"(\n",[1050,7903,7904,7907,7909,7911,7913,7915],{"class":1052,"line":1404},[1050,7905,7906],{"class":2691},"                user",[1050,7908,1181],{"class":1063},[1050,7910,1490],{"class":1554},[1050,7912,1358],{"class":1063},[1050,7914,1617],{"class":1520},[1050,7916,4328],{"class":1063},[1050,7918,7919,7922,7925,7927],{"class":1052,"line":1410},[1050,7920,7921],{"class":1524},"                **",[1050,7923,7924],{"class":1554},"serializer",[1050,7926,1358],{"class":1063},[1050,7928,7929],{"class":1520},"validated_data\n",[1050,7931,7932],{"class":1052,"line":1444},[1050,7933,7934],{"class":1063},"            )\n",[1050,7936,7937,7939,7941,7943,7945,7947,7949,7951,7953,7955,7957,7959,7961,7964,7966,7968,7970,7972,7975],{"class":1052,"line":1453},[1050,7938,3368],{"class":1511},[1050,7940,7844],{"class":1554},[1050,7942,7213],{"class":1063},[1050,7944,1369],{"class":1184},[1050,7946,7218],{"class":1188},[1050,7948,1369],{"class":1184},[1050,7950,2646],{"class":1063},[1050,7952,1528],{"class":1184},[1050,7954,2827],{"class":1188},[1050,7956,1369],{"class":1184},[1050,7958,1639],{"class":1063},[1050,7960,1528],{"class":1184},[1050,7962,7963],{"class":1188},"transaction_id",[1050,7965,1369],{"class":1184},[1050,7967,2646],{"class":1063},[1050,7969,4725],{"class":1554},[1050,7971,1358],{"class":1063},[1050,7973,7974],{"class":1520},"id",[1050,7976,2651],{"class":1063},[1050,7978,7979],{"class":1052,"line":1957},[1050,7980,2553],{"class":1110},[1050,7982,7983,7985,7987,7989,7991],{"class":1052,"line":1968},[1050,7984,3496],{"class":1511},[1050,7986,2957],{"class":1110},[1050,7988,2960],{"class":1511},[1050,7990,2963]
,{"class":1110},[1050,7992,1535],{"class":1063},[1050,7994,7995,7997,7999,8001,8003,8005,8007,8009,8012,8014,8016,8019,8021,8023,8025],{"class":1052,"line":2714},[1050,7996,3368],{"class":1511},[1050,7998,7844],{"class":1554},[1050,8000,7213],{"class":1063},[1050,8002,1369],{"class":1184},[1050,8004,2597],{"class":1188},[1050,8006,1369],{"class":1184},[1050,8008,2646],{"class":1063},[1050,8010,8011],{"class":2990}," str",[1050,8013,1366],{"class":1063},[1050,8015,2996],{"class":1554},[1050,8017,8018],{"class":1063},")},",[1050,8020,4460],{"class":2691},[1050,8022,1181],{"class":1063},[1050,8024,7871],{"class":1842},[1050,8026,1566],{"class":1063},[1050,8028,8029],{"class":1052,"line":2738},[1050,8030,1161],{"class":1110},[1050,8032,8033,8035,8037,8039,8041,8043,8046,8048,8050,8052,8054],{"class":1052,"line":2773},[1050,8034,1676],{"class":1511},[1050,8036,7844],{"class":1554},[1050,8038,1366],{"class":1063},[1050,8040,7924],{"class":1554},[1050,8042,1358],{"class":1063},[1050,8044,8045],{"class":1520},"errors",[1050,8047,1639],{"class":1063},[1050,8049,4460],{"class":2691},[1050,8051,1181],{"class":1063},[1050,8053,7871],{"class":1842},[1050,8055,1566],{"class":1063},[1050,8057,8058],{"class":1052,"line":2778},[1050,8059,1700],{"emptyLinePlaceholder":1699},[1050,8061,8062],{"class":1052,"line":2784},[1050,8063,8064],{"class":1056},"# Custom authentication middleware for APIs\n",[1050,8066,8067,8069,8072],{"class":1052,"line":2791},[1050,8068,3175],{"class":1480},[1050,8070,8071],{"class":3178}," APIAuthenticationMiddleware",[1050,8073,1535],{"class":1063},[1050,8075,8076,8078,8081],{"class":1052,"line":2820},[1050,8077,1499],{"class":1498},[1050,8079,8080],{"class":1502},"Custom API authentication that bypasses CSRF for authenticated API 
requests",[1050,8082,1506],{"class":1498},[1050,8084,8085],{"class":1052,"line":2855},[1050,8086,1161],{"class":1110},[1050,8088,8089,8091,8094,8096,8098,8100,8103],{"class":1052,"line":2861},[1050,8090,3253],{"class":1480},[1050,8092,8093],{"class":5306}," __init__",[1050,8095,1366],{"class":1063},[1050,8097,3262],{"class":3261},[1050,8099,1639],{"class":1063},[1050,8101,8102],{"class":1489}," get_response",[1050,8104,1493],{"class":1063},[1050,8106,8107,8110,8112,8115,8117],{"class":1052,"line":2867},[1050,8108,8109],{"class":1791},"        self",[1050,8111,1358],{"class":1063},[1050,8113,8114],{"class":1520},"get_response",[1050,8116,1795],{"class":1063},[1050,8118,8119],{"class":1110}," get_response\n",[1050,8121,8122],{"class":1052,"line":2923},[1050,8123,1161],{"class":1110},[1050,8125,8126,8128,8131,8133,8135,8137,8139],{"class":1052,"line":2928},[1050,8127,3253],{"class":1480},[1050,8129,8130],{"class":5306}," __call__",[1050,8132,1366],{"class":1063},[1050,8134,3262],{"class":3261},[1050,8136,1639],{"class":1063},[1050,8138,1515],{"class":1489},[1050,8140,1493],{"class":1063},[1050,8142,8143],{"class":1052,"line":2947},[1050,8144,8145],{"class":1056},"        # Check if this is an API request with valid token\n",[1050,8147,8148,8150,8152,8154,8156,8158,8160,8162,8164,8167,8169],{"class":1052,"line":2952},[1050,8149,2484],{"class":1511},[1050,8151,1515],{"class":1110},[1050,8153,1358],{"class":1063},[1050,8155,5281],{"class":1520},[1050,8157,1358],{"class":1063},[1050,8159,6305],{"class":1554},[1050,8161,1366],{"class":1063},[1050,8163,1369],{"class":1184},[1050,8165,8166],{"class":1188},"/api/",[1050,8168,1369],{"class":1184},[1050,8170,1493],{"class":1063},[1050,8172,8173,8176,8178,8180,8182,8184,8186,8188,8190,8192,8195,8197],{"class":1052,"line":2968},[1050,8174,8175],{"class":1110},"            api_token 
",[1050,8177,1181],{"class":1063},[1050,8179,1515],{"class":1110},[1050,8181,1358],{"class":1063},[1050,8183,5255],{"class":1549},[1050,8185,1358],{"class":1063},[1050,8187,1555],{"class":1554},[1050,8189,1366],{"class":1063},[1050,8191,1369],{"class":1184},[1050,8193,8194],{"class":1188},"HTTP_AUTHORIZATION",[1050,8196,1369],{"class":1184},[1050,8198,1566],{"class":1063},[1050,8200,8201,8203,8206,8208,8211,8213,8215,8217,8219,8222,8224],{"class":1052,"line":3007},[1050,8202,2563],{"class":1511},[1050,8204,8205],{"class":1110}," api_token ",[1050,8207,7453],{"class":1524},[1050,8209,8210],{"class":1110}," api_token",[1050,8212,1358],{"class":1063},[1050,8214,6305],{"class":1554},[1050,8216,1366],{"class":1063},[1050,8218,1369],{"class":1184},[1050,8220,8221],{"class":1188},"Token ",[1050,8223,1369],{"class":1184},[1050,8225,1493],{"class":1063},[1050,8227,8228,8231,8233,8235,8237,8240,8243],{"class":1052,"line":3012},[1050,8229,8230],{"class":1110},"                token ",[1050,8232,1181],{"class":1063},[1050,8234,8210],{"class":1110},[1050,8236,2517],{"class":1063},[1050,8238,8239],{"class":1842},"6",[1050,8241,8242],{"class":1063},":]",[1050,8244,8245],{"class":1056},"  # Remove 'Token ' prefix\n",[1050,8247,8248,8251,8253,8255,8257,8260,8262,8264],{"class":1052,"line":3020},[1050,8249,8250],{"class":1110},"                user ",[1050,8252,1181],{"class":1063},[1050,8254,3347],{"class":1791},[1050,8256,1358],{"class":1063},[1050,8258,8259],{"class":1554},"authenticate_token",[1050,8261,1366],{"class":1063},[1050,8263,5112],{"class":1554},[1050,8265,1566],{"class":1063},[1050,8267,8268,8270,8273],{"class":1052,"line":3045},[1050,8269,6428],{"class":1511},[1050,8271,8272],{"class":1110}," user",[1050,8274,1535],{"class":1063},[1050,8276,8277,8280,8282,8284,8286],{"class":1052,"line":3050},[1050,8278,8279],{"class":1110},"                    
request",[1050,8281,1358],{"class":1063},[1050,8283,1617],{"class":1520},[1050,8285,1795],{"class":1063},[1050,8287,8288],{"class":1110}," user\n",[1050,8290,8291],{"class":1052,"line":3058},[1050,8292,8293],{"class":1056},"                    # Mark request as API authenticated (bypass CSRF)\n",[1050,8295,8296,8298,8300,8303,8305],{"class":1052,"line":3070},[1050,8297,8279],{"class":1110},[1050,8299,1358],{"class":1063},[1050,8301,8302],{"class":1520},"_dont_enforce_csrf_checks",[1050,8304,1795],{"class":1063},[1050,8306,3703],{"class":1856},[1050,8308,8309],{"class":1052,"line":3075},[1050,8310,1598],{"class":1110},[1050,8312,8313,8316,8318,8320,8322,8324,8326,8328],{"class":1052,"line":3110},[1050,8314,8315],{"class":1110},"        response ",[1050,8317,1181],{"class":1063},[1050,8319,3347],{"class":1791},[1050,8321,1358],{"class":1063},[1050,8323,8114],{"class":1554},[1050,8325,1366],{"class":1063},[1050,8327,1490],{"class":1554},[1050,8329,1566],{"class":1063},[1050,8331,8332,8334],{"class":1052,"line":3115},[1050,8333,1653],{"class":1511},[1050,8335,8336],{"class":1110}," response\n",[1050,8338,8339],{"class":1052,"line":3121},[1050,8340,1161],{"class":1110},[1050,8342,8343,8345,8348,8350,8352,8354,8357],{"class":1052,"line":3142},[1050,8344,3253],{"class":1480},[1050,8346,8347],{"class":1361}," authenticate_token",[1050,8349,1366],{"class":1063},[1050,8351,3262],{"class":3261},[1050,8353,1639],{"class":1063},[1050,8355,8356],{"class":1489}," token",[1050,8358,1493],{"class":1063},[1050,8360,8361,8363,8366],{"class":1052,"line":3167},[1050,8362,3274],{"class":1498},[1050,8364,8365],{"class":1502},"Authenticate API token",[1050,8367,1506],{"class":1498},[1050,8369,8370,8372],{"class":1052,"line":3172},[1050,8371,3398],{"class":1511},[1050,8373,1535],{"class":1063},[1050,8375,8376,8379,8381,8383,8386,8388,8391,8393],{"class":1052,"line":3195},[1050,8377,8378],{"class":1511},"            
from",[1050,8380,7639],{"class":1110},[1050,8382,1358],{"class":1063},[1050,8384,8385],{"class":1110},"authtoken",[1050,8387,1358],{"class":1063},[1050,8389,8390],{"class":1110},"models ",[1050,8392,2359],{"class":1511},[1050,8394,8395],{"class":1110}," Token\n",[1050,8397,8398,8401,8403,8406,8408,8410,8412,8414,8416,8419,8421,8423],{"class":1052,"line":3205},[1050,8399,8400],{"class":1110},"            token_obj ",[1050,8402,1181],{"class":1063},[1050,8404,8405],{"class":1110}," Token",[1050,8407,1358],{"class":1063},[1050,8409,2682],{"class":1520},[1050,8411,1358],{"class":1063},[1050,8413,1555],{"class":1554},[1050,8415,1366],{"class":1063},[1050,8417,8418],{"class":2691},"key",[1050,8420,1181],{"class":1063},[1050,8422,5112],{"class":1554},[1050,8424,1566],{"class":1063},[1050,8426,8427,8429,8432,8434],{"class":1052,"line":3219},[1050,8428,3368],{"class":1511},[1050,8430,8431],{"class":1110}," token_obj",[1050,8433,1358],{"class":1063},[1050,8435,8436],{"class":1520},"user\n",[1050,8438,8439,8441,8443,8445,8447],{"class":1052,"line":3230},[1050,8440,3496],{"class":1511},[1050,8442,8405],{"class":1110},[1050,8444,1358],{"class":1063},[1050,8446,2709],{"class":1520},[1050,8448,1535],{"class":1063},[1050,8450,8451,8453],{"class":1052,"line":3245},[1050,8452,3368],{"class":1511},[1050,8454,1857],{"class":1856},[1030,8456,8458],{"id":8457},"testing-csrf-protection","Testing CSRF Protection",[1035,8460,8462],{"id":8461},"unit-tests-for-csrf","Unit Tests for CSRF",[1040,8464,8466],{"className":1466,"code":8465,"language":1468,"meta":1045,"style":1045},"# tests.py - Testing CSRF protection\nfrom django.test import TestCase, Client\nfrom django.contrib.auth.models import User\nfrom django.urls import reverse\n\nclass CSRFProtectionTests(TestCase):\n    \"\"\"Test CSRF protection functionality\"\"\"\n    \n    def setUp(self):\n        self.client = Client(enforce_csrf_checks=True)\n        self.user = User.objects.create_user(\n            username='testuser',\n         
   password='testpass123'\n        )\n    \n    def test_csrf_protection_enabled(self):\n        \"\"\"Test that CSRF protection is enabled\"\"\"\n        self.client.login(username='testuser', password='testpass123')\n        \n        # POST without CSRF token should fail\n        response = self.client.post(reverse('transfer_money'), {\n            'amount': 100,\n            'to_account': '12345'\n        })\n        \n        self.assertEqual(response.status_code, 403)\n    \n    def test_csrf_token_required(self):\n        \"\"\"Test that valid CSRF token allows request\"\"\"\n        self.client.login(username='testuser', password='testpass123')\n        \n        # Get CSRF token\n        response = self.client.get(reverse('transfer_form'))\n        csrf_token = response.context['csrf_token']\n        \n        # POST with valid CSRF token should succeed\n        response = self.client.post(reverse('transfer_money'), {\n            'amount': 100,\n            'to_account': '12345',\n            'csrfmiddlewaretoken': csrf_token\n        })\n        \n        self.assertNotEqual(response.status_code, 403)\n    \n    def test_ajax_csrf_protection(self):\n        \"\"\"Test CSRF protection for AJAX requests\"\"\"\n        self.client.login(username='testuser', password='testpass123')\n        \n        # Get CSRF token\n        response = self.client.get(reverse('transfer_form'))\n        csrf_token = response.cookies['csrftoken'].value\n        \n        # AJAX request with CSRF header\n        response = self.client.post(\n            reverse('api_transfer_money'),\n            {'amount': 100, 'to_account': '12345'},\n            HTTP_X_CSRFTOKEN=csrf_token,\n            content_type='application/json'\n        )\n        \n        self.assertNotEqual(response.status_code, 403)\n    \n    def test_csrf_exemption(self):\n        \"\"\"Test that exempted views don't require CSRF\"\"\"\n        # Webhook endpoint should not require CSRF\n        response = 
self.client.post(reverse('api_webhook'), {\n            'event': 'payment_received',\n            'amount': 100\n        }, HTTP_X_WEBHOOK_SIGNATURE='valid_signature')\n        \n        # Should not return 403 (CSRF failure)\n        self.assertNotEqual(response.status_code, 403)\n",[1047,8467,8468,8473,8494,8517,8533,8537,8551,8560,8564,8577,8603,8627,8643,8657,8662,8666,8679,8688,8728,8732,8737,8772,8787,8804,8808,8812,8837,8841,8854,8863,8901,8905,8910,8942,8967,8971,8976,9008,9022,9040,9053,9057,9061,9084,9088,9101,9110,9148,9152,9156,9186,9213,9217,9222,9240,9256,9290,9301,9314,9318,9322,9344,9348,9361,9370,9375,9408,9428,9441,9459,9463,9468],{"__ignoreMap":1045},[1050,8469,8470],{"class":1052,"line":1053},[1050,8471,8472],{"class":1056},"# tests.py - Testing CSRF protection\n",[1050,8474,8475,8477,8479,8481,8484,8486,8489,8491],{"class":1052,"line":1060},[1050,8476,2338],{"class":1511},[1050,8478,2341],{"class":1110},[1050,8480,1358],{"class":1063},[1050,8482,8483],{"class":1110},"test ",[1050,8485,2359],{"class":1511},[1050,8487,8488],{"class":1110}," TestCase",[1050,8490,1639],{"class":1063},[1050,8492,8493],{"class":1110}," Client\n",[1050,8495,8496,8498,8500,8502,8504,8506,8508,8510,8512,8514],{"class":1052,"line":1078},[1050,8497,2338],{"class":1511},[1050,8499,2341],{"class":1110},[1050,8501,1358],{"class":1063},[1050,8503,2373],{"class":1110},[1050,8505,1358],{"class":1063},[1050,8507,2378],{"class":1110},[1050,8509,1358],{"class":1063},[1050,8511,8390],{"class":1110},[1050,8513,2359],{"class":1511},[1050,8515,8516],{"class":1110}," User\n",[1050,8518,8519,8521,8523,8525,8528,8530],{"class":1052,"line":1088},[1050,8520,2338],{"class":1511},[1050,8522,2341],{"class":1110},[1050,8524,1358],{"class":1063},[1050,8526,8527],{"class":1110},"urls ",[1050,8529,2359],{"class":1511},[1050,8531,8532],{"class":1110}," 
reverse\n",[1050,8534,8535],{"class":1052,"line":1098},[1050,8536,1700],{"emptyLinePlaceholder":1699},[1050,8538,8539,8541,8544,8546,8549],{"class":1052,"line":1121},[1050,8540,3175],{"class":1480},[1050,8542,8543],{"class":3178}," CSRFProtectionTests",[1050,8545,1366],{"class":1063},[1050,8547,8548],{"class":3184},"TestCase",[1050,8550,1493],{"class":1063},[1050,8552,8553,8555,8558],{"class":1052,"line":1130},[1050,8554,1499],{"class":1498},[1050,8556,8557],{"class":1502},"Test CSRF protection functionality",[1050,8559,1506],{"class":1498},[1050,8561,8562],{"class":1052,"line":1140},[1050,8563,1161],{"class":1110},[1050,8565,8566,8568,8571,8573,8575],{"class":1052,"line":1158},[1050,8567,3253],{"class":1480},[1050,8569,8570],{"class":1361}," setUp",[1050,8572,1366],{"class":1063},[1050,8574,3262],{"class":3261},[1050,8576,1493],{"class":1063},[1050,8578,8579,8581,8583,8586,8588,8591,8593,8596,8598,8601],{"class":1052,"line":1164},[1050,8580,8109],{"class":1791},[1050,8582,1358],{"class":1063},[1050,8584,8585],{"class":1520},"client",[1050,8587,1795],{"class":1063},[1050,8589,8590],{"class":1554}," Client",[1050,8592,1366],{"class":1063},[1050,8594,8595],{"class":2691},"enforce_csrf_checks",[1050,8597,1181],{"class":1063},[1050,8599,8600],{"class":1856},"True",[1050,8602,1566],{"class":1063},[1050,8604,8605,8607,8609,8611,8613,8616,8618,8620,8622,8625],{"class":1052,"line":1170},[1050,8606,8109],{"class":1791},[1050,8608,1358],{"class":1063},[1050,8610,1617],{"class":1520},[1050,8612,1795],{"class":1063},[1050,8614,8615],{"class":1110}," User",[1050,8617,1358],{"class":1063},[1050,8619,2682],{"class":1520},[1050,8621,1358],{"class":1063},[1050,8623,8624],{"class":1554},"create_user",[1050,8626,7901],{"class":1063},[1050,8628,8629,8632,8634,8636,8639,8641],{"class":1052,"line":1232},[1050,8630,8631],{"class":2691},"            
username",[1050,8633,1181],{"class":1063},[1050,8635,1369],{"class":1184},[1050,8637,8638],{"class":1188},"testuser",[1050,8640,1369],{"class":1184},[1050,8642,4328],{"class":1063},[1050,8644,8645,8648,8650,8652,8655],{"class":1052,"line":1279},[1050,8646,8647],{"class":2691},"            password",[1050,8649,1181],{"class":1063},[1050,8651,1369],{"class":1184},[1050,8653,8654],{"class":1188},"testpass123",[1050,8656,1885],{"class":1184},[1050,8658,8659],{"class":1052,"line":1320},[1050,8660,8661],{"class":1063},"        )\n",[1050,8663,8664],{"class":1052,"line":1330},[1050,8665,1161],{"class":1110},[1050,8667,8668,8670,8673,8675,8677],{"class":1052,"line":1335},[1050,8669,3253],{"class":1480},[1050,8671,8672],{"class":1361}," test_csrf_protection_enabled",[1050,8674,1366],{"class":1063},[1050,8676,3262],{"class":3261},[1050,8678,1493],{"class":1063},[1050,8680,8681,8683,8686],{"class":1052,"line":1345},[1050,8682,3274],{"class":1498},[1050,8684,8685],{"class":1502},"Test that CSRF protection is enabled",[1050,8687,1506],{"class":1498},[1050,8689,8690,8692,8694,8696,8698,8701,8703,8705,8707,8709,8711,8713,8715,8718,8720,8722,8724,8726],{"class":1052,"line":1351},[1050,8691,8109],{"class":1791},[1050,8693,1358],{"class":1063},[1050,8695,8585],{"class":1520},[1050,8697,1358],{"class":1063},[1050,8699,8700],{"class":1554},"login",[1050,8702,1366],{"class":1063},[1050,8704,2896],{"class":2691},[1050,8706,1181],{"class":1063},[1050,8708,1369],{"class":1184},[1050,8710,8638],{"class":1188},[1050,8712,1369],{"class":1184},[1050,8714,1639],{"class":1063},[1050,8716,8717],{"class":2691}," password",[1050,8719,1181],{"class":1063},[1050,8721,1369],{"class":1184},[1050,8723,8654],{"class":1188},[1050,8725,1369],{"class":1184},[1050,8727,1566],{"class":1063},[1050,8729,8730],{"class":1052,"line":1390},[1050,8731,1598],{"class":1110},[1050,8733,8734],{"class":1052,"line":1399},[1050,8735,8736],{"class":1056},"        # POST without CSRF token should 
fail\n",[1050,8738,8739,8741,8743,8745,8747,8749,8751,8753,8755,8758,8760,8762,8765,8767,8770],{"class":1052,"line":1404},[1050,8740,8315],{"class":1110},[1050,8742,1181],{"class":1063},[1050,8744,3347],{"class":1791},[1050,8746,1358],{"class":1063},[1050,8748,8585],{"class":1520},[1050,8750,1358],{"class":1063},[1050,8752,2005],{"class":1554},[1050,8754,1366],{"class":1063},[1050,8756,8757],{"class":1554},"reverse",[1050,8759,1366],{"class":1063},[1050,8761,1369],{"class":1184},[1050,8763,8764],{"class":1188},"transfer_money",[1050,8766,1369],{"class":1184},[1050,8768,8769],{"class":1063},"),",[1050,8771,3741],{"class":1063},[1050,8773,8774,8776,8778,8780,8782,8785],{"class":1052,"line":1410},[1050,8775,4357],{"class":1184},[1050,8777,1260],{"class":1188},[1050,8779,1369],{"class":1184},[1050,8781,2646],{"class":1063},[1050,8783,8784],{"class":1842}," 100",[1050,8786,4328],{"class":1063},[1050,8788,8789,8791,8793,8795,8797,8799,8802],{"class":1052,"line":1444},[1050,8790,4357],{"class":1184},[1050,8792,1302],{"class":1188},[1050,8794,1369],{"class":1184},[1050,8796,2646],{"class":1063},[1050,8798,1528],{"class":1184},[1050,8800,8801],{"class":1188},"12345",[1050,8803,1885],{"class":1184},[1050,8805,8806],{"class":1052,"line":1453},[1050,8807,6837],{"class":1063},[1050,8809,8810],{"class":1052,"line":1957},[1050,8811,1598],{"class":1110},[1050,8813,8814,8816,8818,8821,8823,8825,8827,8830,8832,8835],{"class":1052,"line":1968},[1050,8815,8109],{"class":1791},[1050,8817,1358],{"class":1063},[1050,8819,8820],{"class":1554},"assertEqual",[1050,8822,1366],{"class":1063},[1050,8824,4416],{"class":1554},[1050,8826,1358],{"class":1063},[1050,8828,8829],{"class":1520},"status_code",[1050,8831,1639],{"class":1063},[1050,8833,8834],{"class":1842}," 
403",[1050,8836,1566],{"class":1063},[1050,8838,8839],{"class":1052,"line":2714},[1050,8840,1161],{"class":1110},[1050,8842,8843,8845,8848,8850,8852],{"class":1052,"line":2738},[1050,8844,3253],{"class":1480},[1050,8846,8847],{"class":1361}," test_csrf_token_required",[1050,8849,1366],{"class":1063},[1050,8851,3262],{"class":3261},[1050,8853,1493],{"class":1063},[1050,8855,8856,8858,8861],{"class":1052,"line":2773},[1050,8857,3274],{"class":1498},[1050,8859,8860],{"class":1502},"Test that valid CSRF token allows request",[1050,8862,1506],{"class":1498},[1050,8864,8865,8867,8869,8871,8873,8875,8877,8879,8881,8883,8885,8887,8889,8891,8893,8895,8897,8899],{"class":1052,"line":2778},[1050,8866,8109],{"class":1791},[1050,8868,1358],{"class":1063},[1050,8870,8585],{"class":1520},[1050,8872,1358],{"class":1063},[1050,8874,8700],{"class":1554},[1050,8876,1366],{"class":1063},[1050,8878,2896],{"class":2691},[1050,8880,1181],{"class":1063},[1050,8882,1369],{"class":1184},[1050,8884,8638],{"class":1188},[1050,8886,1369],{"class":1184},[1050,8888,1639],{"class":1063},[1050,8890,8717],{"class":2691},[1050,8892,1181],{"class":1063},[1050,8894,1369],{"class":1184},[1050,8896,8654],{"class":1188},[1050,8898,1369],{"class":1184},[1050,8900,1566],{"class":1063},[1050,8902,8903],{"class":1052,"line":2784},[1050,8904,1598],{"class":1110},[1050,8906,8907],{"class":1052,"line":2791},[1050,8908,8909],{"class":1056},"        # Get CSRF 
token\n",[1050,8911,8912,8914,8916,8918,8920,8922,8924,8926,8928,8930,8932,8934,8937,8939],{"class":1052,"line":2820},[1050,8913,8315],{"class":1110},[1050,8915,1181],{"class":1063},[1050,8917,3347],{"class":1791},[1050,8919,1358],{"class":1063},[1050,8921,8585],{"class":1520},[1050,8923,1358],{"class":1063},[1050,8925,1555],{"class":1554},[1050,8927,1366],{"class":1063},[1050,8929,8757],{"class":1554},[1050,8931,1366],{"class":1063},[1050,8933,1369],{"class":1184},[1050,8935,8936],{"class":1188},"transfer_form",[1050,8938,1369],{"class":1184},[1050,8940,8941],{"class":1063},"))\n",[1050,8943,8944,8947,8949,8951,8953,8956,8958,8960,8963,8965],{"class":1052,"line":2855},[1050,8945,8946],{"class":1110},"        csrf_token ",[1050,8948,1181],{"class":1063},[1050,8950,4552],{"class":1110},[1050,8952,1358],{"class":1063},[1050,8954,8955],{"class":1520},"context",[1050,8957,2517],{"class":1063},[1050,8959,1369],{"class":1184},[1050,8961,8962],{"class":1188},"csrf_token",[1050,8964,1369],{"class":1184},[1050,8966,1823],{"class":1063},[1050,8968,8969],{"class":1052,"line":2861},[1050,8970,1598],{"class":1110},[1050,8972,8973],{"class":1052,"line":2867},[1050,8974,8975],{"class":1056},"        # POST with valid CSRF token should 
succeed\n",[1050,8977,8978,8980,8982,8984,8986,8988,8990,8992,8994,8996,8998,9000,9002,9004,9006],{"class":1052,"line":2923},[1050,8979,8315],{"class":1110},[1050,8981,1181],{"class":1063},[1050,8983,3347],{"class":1791},[1050,8985,1358],{"class":1063},[1050,8987,8585],{"class":1520},[1050,8989,1358],{"class":1063},[1050,8991,2005],{"class":1554},[1050,8993,1366],{"class":1063},[1050,8995,8757],{"class":1554},[1050,8997,1366],{"class":1063},[1050,8999,1369],{"class":1184},[1050,9001,8764],{"class":1188},[1050,9003,1369],{"class":1184},[1050,9005,8769],{"class":1063},[1050,9007,3741],{"class":1063},[1050,9009,9010,9012,9014,9016,9018,9020],{"class":1052,"line":2928},[1050,9011,4357],{"class":1184},[1050,9013,1260],{"class":1188},[1050,9015,1369],{"class":1184},[1050,9017,2646],{"class":1063},[1050,9019,8784],{"class":1842},[1050,9021,4328],{"class":1063},[1050,9023,9024,9026,9028,9030,9032,9034,9036,9038],{"class":1052,"line":2947},[1050,9025,4357],{"class":1184},[1050,9027,1302],{"class":1188},[1050,9029,1369],{"class":1184},[1050,9031,2646],{"class":1063},[1050,9033,1528],{"class":1184},[1050,9035,8801],{"class":1188},[1050,9037,1369],{"class":1184},[1050,9039,4328],{"class":1063},[1050,9041,9042,9044,9046,9048,9050],{"class":1052,"line":2952},[1050,9043,4357],{"class":1184},[1050,9045,2304],{"class":1188},[1050,9047,1369],{"class":1184},[1050,9049,2646],{"class":1063},[1050,9051,9052],{"class":1554}," 
csrf_token\n",[1050,9054,9055],{"class":1052,"line":2968},[1050,9056,6837],{"class":1063},[1050,9058,9059],{"class":1052,"line":3007},[1050,9060,1598],{"class":1110},[1050,9062,9063,9065,9067,9070,9072,9074,9076,9078,9080,9082],{"class":1052,"line":3012},[1050,9064,8109],{"class":1791},[1050,9066,1358],{"class":1063},[1050,9068,9069],{"class":1554},"assertNotEqual",[1050,9071,1366],{"class":1063},[1050,9073,4416],{"class":1554},[1050,9075,1358],{"class":1063},[1050,9077,8829],{"class":1520},[1050,9079,1639],{"class":1063},[1050,9081,8834],{"class":1842},[1050,9083,1566],{"class":1063},[1050,9085,9086],{"class":1052,"line":3020},[1050,9087,1161],{"class":1110},[1050,9089,9090,9092,9095,9097,9099],{"class":1052,"line":3045},[1050,9091,3253],{"class":1480},[1050,9093,9094],{"class":1361}," test_ajax_csrf_protection",[1050,9096,1366],{"class":1063},[1050,9098,3262],{"class":3261},[1050,9100,1493],{"class":1063},[1050,9102,9103,9105,9108],{"class":1052,"line":3050},[1050,9104,3274],{"class":1498},[1050,9106,9107],{"class":1502},"Test CSRF protection for AJAX 
requests",[1050,9109,1506],{"class":1498},[1050,9111,9112,9114,9116,9118,9120,9122,9124,9126,9128,9130,9132,9134,9136,9138,9140,9142,9144,9146],{"class":1052,"line":3058},[1050,9113,8109],{"class":1791},[1050,9115,1358],{"class":1063},[1050,9117,8585],{"class":1520},[1050,9119,1358],{"class":1063},[1050,9121,8700],{"class":1554},[1050,9123,1366],{"class":1063},[1050,9125,2896],{"class":2691},[1050,9127,1181],{"class":1063},[1050,9129,1369],{"class":1184},[1050,9131,8638],{"class":1188},[1050,9133,1369],{"class":1184},[1050,9135,1639],{"class":1063},[1050,9137,8717],{"class":2691},[1050,9139,1181],{"class":1063},[1050,9141,1369],{"class":1184},[1050,9143,8654],{"class":1188},[1050,9145,1369],{"class":1184},[1050,9147,1566],{"class":1063},[1050,9149,9150],{"class":1052,"line":3070},[1050,9151,1598],{"class":1110},[1050,9153,9154],{"class":1052,"line":3075},[1050,9155,8909],{"class":1056},[1050,9157,9158,9160,9162,9164,9166,9168,9170,9172,9174,9176,9178,9180,9182,9184],{"class":1052,"line":3110},[1050,9159,8315],{"class":1110},[1050,9161,1181],{"class":1063},[1050,9163,3347],{"class":1791},[1050,9165,1358],{"class":1063},[1050,9167,8585],{"class":1520},[1050,9169,1358],{"class":1063},[1050,9171,1555],{"class":1554},[1050,9173,1366],{"class":1063},[1050,9175,8757],{"class":1554},[1050,9177,1366],{"class":1063},[1050,9179,1369],{"class":1184},[1050,9181,8936],{"class":1188},[1050,9183,1369],{"class":1184},[1050,9185,8941],{"class":1063},[1050,9187,9188,9190,9192,9194,9196,9199,9201,9203,9205,9207,9210],{"class":1052,"line":3115},[1050,9189,8946],{"class":1110},[1050,9191,1181],{"class":1063},[1050,9193,4552],{"class":1110},[1050,9195,1358],{"class":1063},[1050,9197,9198],{"class":1520},"cookies",[1050,9200,2517],{"class":1063},[1050,9202,1369],{"class":1184},[1050,9204,1882],{"class":1188},[1050,9206,1369],{"class":1184},[1050,9208,9209],{"class":1063},"].",[1050,9211,9212],{"class":1520},"value\n",[1050,9214,9215],{"class":1052,"line":3121},[1050,9216,1598],{"class":111
0},[1050,9218,9219],{"class":1052,"line":3142},[1050,9220,9221],{"class":1056},"        # AJAX request with CSRF header\n",[1050,9223,9224,9226,9228,9230,9232,9234,9236,9238],{"class":1052,"line":3167},[1050,9225,8315],{"class":1110},[1050,9227,1181],{"class":1063},[1050,9229,3347],{"class":1791},[1050,9231,1358],{"class":1063},[1050,9233,8585],{"class":1520},[1050,9235,1358],{"class":1063},[1050,9237,2005],{"class":1554},[1050,9239,7901],{"class":1063},[1050,9241,9242,9245,9247,9249,9252,9254],{"class":1052,"line":3172},[1050,9243,9244],{"class":1554},"            reverse",[1050,9246,1366],{"class":1063},[1050,9248,1369],{"class":1184},[1050,9250,9251],{"class":1188},"api_transfer_money",[1050,9253,1369],{"class":1184},[1050,9255,5237],{"class":1063},[1050,9257,9258,9261,9263,9265,9267,9269,9271,9273,9275,9277,9279,9281,9283,9285,9287],{"class":1052,"line":3195},[1050,9259,9260],{"class":1063},"            {",[1050,9262,1369],{"class":1184},[1050,9264,1260],{"class":1188},[1050,9266,1369],{"class":1184},[1050,9268,2646],{"class":1063},[1050,9270,8784],{"class":1842},[1050,9272,1639],{"class":1063},[1050,9274,1528],{"class":1184},[1050,9276,1302],{"class":1188},[1050,9278,1369],{"class":1184},[1050,9280,2646],{"class":1063},[1050,9282,1528],{"class":1184},[1050,9284,8801],{"class":1188},[1050,9286,1369],{"class":1184},[1050,9288,9289],{"class":1063},"},\n",[1050,9291,9292,9295,9297,9299],{"class":1052,"line":3205},[1050,9293,9294],{"class":2691},"            HTTP_X_CSRFTOKEN",[1050,9296,1181],{"class":1063},[1050,9298,8962],{"class":1554},[1050,9300,4328],{"class":1063},[1050,9302,9303,9306,9308,9310,9312],{"class":1052,"line":3219},[1050,9304,9305],{"class":2691},"            
content_type",[1050,9307,1181],{"class":1063},[1050,9309,1369],{"class":1184},[1050,9311,5386],{"class":1188},[1050,9313,1885],{"class":1184},[1050,9315,9316],{"class":1052,"line":3230},[1050,9317,8661],{"class":1063},[1050,9319,9320],{"class":1052,"line":3245},[1050,9321,1598],{"class":1110},[1050,9323,9324,9326,9328,9330,9332,9334,9336,9338,9340,9342],{"class":1052,"line":3250},[1050,9325,8109],{"class":1791},[1050,9327,1358],{"class":1063},[1050,9329,9069],{"class":1554},[1050,9331,1366],{"class":1063},[1050,9333,4416],{"class":1554},[1050,9335,1358],{"class":1063},[1050,9337,8829],{"class":1520},[1050,9339,1639],{"class":1063},[1050,9341,8834],{"class":1842},[1050,9343,1566],{"class":1063},[1050,9345,9346],{"class":1052,"line":3271},[1050,9347,1161],{"class":1110},[1050,9349,9350,9352,9355,9357,9359],{"class":1052,"line":3282},[1050,9351,3253],{"class":1480},[1050,9353,9354],{"class":1361}," test_csrf_exemption",[1050,9356,1366],{"class":1063},[1050,9358,3262],{"class":3261},[1050,9360,1493],{"class":1063},[1050,9362,9363,9365,9368],{"class":1052,"line":3305},[1050,9364,3274],{"class":1498},[1050,9366,9367],{"class":1502},"Test that exempted views don't require CSRF",[1050,9369,1506],{"class":1498},[1050,9371,9372],{"class":1052,"line":3328},[1050,9373,9374],{"class":1056},"        # Webhook endpoint should not require 
CSRF\n",[1050,9376,9377,9379,9381,9383,9385,9387,9389,9391,9393,9395,9397,9399,9402,9404,9406],{"class":1052,"line":3333},[1050,9378,8315],{"class":1110},[1050,9380,1181],{"class":1063},[1050,9382,3347],{"class":1791},[1050,9384,1358],{"class":1063},[1050,9386,8585],{"class":1520},[1050,9388,1358],{"class":1063},[1050,9390,2005],{"class":1554},[1050,9392,1366],{"class":1063},[1050,9394,8757],{"class":1554},[1050,9396,1366],{"class":1063},[1050,9398,1369],{"class":1184},[1050,9400,9401],{"class":1188},"api_webhook",[1050,9403,1369],{"class":1184},[1050,9405,8769],{"class":1063},[1050,9407,3741],{"class":1063},[1050,9409,9410,9412,9415,9417,9419,9421,9424,9426],{"class":1052,"line":3339},[1050,9411,4357],{"class":1184},[1050,9413,9414],{"class":1188},"event",[1050,9416,1369],{"class":1184},[1050,9418,2646],{"class":1063},[1050,9420,1528],{"class":1184},[1050,9422,9423],{"class":1188},"payment_received",[1050,9425,1369],{"class":1184},[1050,9427,4328],{"class":1063},[1050,9429,9430,9432,9434,9436,9438],{"class":1052,"line":3365},[1050,9431,4357],{"class":1184},[1050,9433,1260],{"class":1188},[1050,9435,1369],{"class":1184},[1050,9437,2646],{"class":1063},[1050,9439,9440],{"class":1842}," 100\n",[1050,9442,9443,9445,9448,9450,9452,9455,9457],{"class":1052,"line":3384},[1050,9444,5441],{"class":1063},[1050,9446,9447],{"class":2691}," HTTP_X_WEBHOOK_SIGNATURE",[1050,9449,1181],{"class":1063},[1050,9451,1369],{"class":1184},[1050,9453,9454],{"class":1188},"valid_signature",[1050,9456,1369],{"class":1184},[1050,9458,1566],{"class":1063},[1050,9460,9461],{"class":1052,"line":3389},[1050,9462,1598],{"class":1110},[1050,9464,9465],{"class":1052,"line":3395},[1050,9466,9467],{"class":1056},"        # Should not return 403 (CSRF 
failure)\n",[1050,9469,9470,9472,9474,9476,9478,9480,9482,9484,9486,9488],{"class":1052,"line":3403},[1050,9471,8109],{"class":1791},[1050,9473,1358],{"class":1063},[1050,9475,9069],{"class":1554},[1050,9477,1366],{"class":1063},[1050,9479,4416],{"class":1554},[1050,9481,1358],{"class":1063},[1050,9483,8829],{"class":1520},[1050,9485,1639],{"class":1063},[1050,9487,8834],{"class":1842},[1050,9489,1566],{"class":1063},[1030,9491,921],{"id":9492},"best-practices",[1035,9494,9496],{"id":9495},"csrf-security-guidelines","CSRF Security Guidelines",[9498,9499,9500,9526,9552,9568,9584],"ol",{},[9501,9502,9503,9507],"li",{},[9504,9505,9506],"strong",{},"Always Use CSRF Protection",[9508,9509,9510,9516,9523],"ul",{},[9501,9511,9512,9513,9515],{},"Keep ",[1047,9514,5779],{}," enabled",[9501,9517,9518,9519,9522],{},"Use ",[1047,9520,9521],{},"{% csrf_token %}"," in all POST forms that submit to your own site (not in forms that target external URLs, which would leak the token)",[9501,9524,9525],{},"Include CSRF tokens in AJAX requests",[9501,9527,9528,9531],{},[9504,9529,9530],{},"Secure CSRF Configuration",[9508,9532,9533,9540,9546],{},[9501,9534,9535,9536,9539],{},"Set ",[1047,9537,9538],{},"CSRF_COOKIE_SECURE = True"," in production",[9501,9541,9518,9542,9545],{},[1047,9543,9544],{},"CSRF_COOKIE_SAMESITE = 'Strict'"," for maximum security (Django's default is 'Lax'; 'Strict' also withholds the cookie on cross-site navigation to the site, so test those flows)",[9501,9547,9548,9549,9551],{},"Configure ",[1047,9550,1960],{}," carefully",[9501,9553,9554,9557],{},[9504,9555,9556],{},"Handle CSRF Failures Gracefully",[9508,9558,9559,9562,9565],{},[9501,9560,9561],{},"Provide user-friendly error messages",[9501,9563,9564],{},"Log CSRF failures for security monitoring",[9501,9566,9567],{},"Implement rate limiting for repeated failures",[9501,9569,9570,9573],{},[9504,9571,9572],{},"API Considerations",[9508,9574,9575,9578,9581],{},[9501,9576,9577],{},"Use proper authentication for APIs (for example a token sent in a request header) instead of exempting cookie-authenticated views from CSRF",[9501,9579,9580],{},"Document when and why CSRF is exempted",[9501,9582,9583],{},"Implement alternative security measures for exempted 
endpoints",[9501,9585,9586,9589],{},[9504,9587,9588],{},"Testing and Monitoring",[9508,9590,9591,9594,9597],{},[9501,9592,9593],{},"Test CSRF protection in automated tests",[9501,9595,9596],{},"Monitor CSRF failure rates",[9501,9598,9599],{},"Regular security audits of CSRF implementation",[1030,9601,9603],{"id":9602},"next-steps","Next Steps",[1026,9605,9606],{},"Now that you understand CSRF protection, let's explore Cross-Site Scripting (XSS) prevention and how Django helps protect against these attacks.",[9608,9609,9610],"style",{},"html pre.shiki code .s9Tkl, html code.shiki .s9Tkl{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#A0ADA0;--shiki-default-font-style:inherit;--shiki-dark:#758575DD;--shiki-dark-font-style:inherit}html pre.shiki code .soVBu, html code.shiki .soVBu{--shiki-light:#39ADB5;--shiki-default:#999999;--shiki-dark:#666666}html pre.shiki code .sJFLg, html code.shiki .sJFLg{--shiki-light:#E53935;--shiki-default:#1E754F;--shiki-dark:#4D9375}html pre.shiki code .s5q8q, html code.shiki .s5q8q{--shiki-light:#9C3EDA;--shiki-default:#B07D48;--shiki-dark:#BD976A}html pre.shiki code .sftqT, html code.shiki .sftqT{--shiki-light:#90A4AE;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .sbYkP, html code.shiki .sbYkP{--shiki-light:#39ADB5;--shiki-default:#B5695977;--shiki-dark:#C98A7D77}html pre.shiki code .sTbE_, html code.shiki .sTbE_{--shiki-light:#91B859;--shiki-default:#B56959;--shiki-dark:#C98A7D}html pre.shiki code .sSC40, html code.shiki .sSC40{--shiki-light:#90A4AE;--shiki-default:#B07D48;--shiki-dark:#BD976A}html pre.shiki code .sljsM, html code.shiki .sljsM{--shiki-light:#6182B8;--shiki-default:#59873A;--shiki-dark:#80A665}html pre.shiki code .snCua, html code.shiki .snCua{--shiki-light:#90A4AE;--shiki-default:#999999;--shiki-dark:#666666}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: 
var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s5Kfy, html code.shiki .s5Kfy{--shiki-light:#9C3EDA;--shiki-default:#AB5959;--shiki-dark:#CB7676}html pre.shiki code .sCyAa, html code.shiki .sCyAa{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#393A34;--shiki-default-font-style:inherit;--shiki-dark:#DBD7CAEE;--shiki-dark-font-style:inherit}html pre.shiki code .sm7ve, html code.shiki .sm7ve{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#B5695977;--shiki-default-font-style:inherit;--shiki-dark:#C98A7D77;--shiki-dark-font-style:inherit}html pre.shiki code .sVyVU, html code.shiki .sVyVU{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#B56959;--shiki-default-font-style:inherit;--shiki-dark:#C98A7D;--shiki-dark-font-style:inherit}html pre.shiki code 
.siDh9, html code.shiki .siDh9{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#1E754F;--shiki-default-font-style:inherit;--shiki-dark:#4D9375;--shiki-dark-font-style:inherit}html pre.shiki code .sBPpx, html code.shiki .sBPpx{--shiki-light:#E53935;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .sVsLi, html code.shiki .sVsLi{--shiki-light:#39ADB5;--shiki-default:#AB5959;--shiki-dark:#CB7676}html pre.shiki code .sFGJz, html code.shiki .sFGJz{--shiki-light:#E53935;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .siWMO, html code.shiki .siWMO{--shiki-light:#6182B8;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .se3Ec, html code.shiki .se3Ec{--shiki-light:#90A4AE;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .s7CZa, html code.shiki .s7CZa{--shiki-light:#F76D47;--shiki-default:#2F798A;--shiki-dark:#4C9A91}html pre.shiki code .s8XtY, html code.shiki .s8XtY{--shiki-light:#39ADB5;--shiki-default:#1E754F;--shiki-dark:#4D9375}html pre.shiki code .sqOPj, html code.shiki .sqOPj{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#B07D48;--shiki-default-font-style:inherit;--shiki-dark:#BD976A;--shiki-dark-font-style:inherit}html pre.shiki code .s3h35, html code.shiki .s3h35{--shiki-light:#F76D47;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .sa2tF, html code.shiki .sa2tF{--shiki-light:#E2931D;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .sD-vU, html code.shiki .sD-vU{--shiki-light:#E2931D;--shiki-default:#2E8F82;--shiki-dark:#5DA994}html pre.shiki code .sYn-s, html code.shiki .sYn-s{--shiki-light:#E2931D;--shiki-default:#59873A;--shiki-dark:#80A665}html pre.shiki code .sRjD_, html code.shiki .sRjD_{--shiki-light:#E53935;--shiki-light-font-style:italic;--shiki-default:#393A34;--shiki-default-font-style:inherit;--shiki-dark:#DBD7CAEE;--shiki-dark-font-style:inherit}html pre.shiki code .sLdnO, html code.shiki 
.sLdnO{--shiki-light:#E53935;--shiki-default:#999999;--shiki-dark:#666666}html pre.shiki code .s131V, html code.shiki .s131V{--shiki-light:#90A4AE;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .s27EL, html code.shiki .s27EL{--shiki-light:#91B859;--shiki-default:#AB5E3F;--shiki-dark:#C4704F}html pre.shiki code .sETVe, html code.shiki .sETVe{--shiki-light:#39ADB5;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .suXOh, html code.shiki .suXOh{--shiki-light:#E53935;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .sQtxO, html code.shiki .sQtxO{--shiki-light:#E53935;--shiki-default:#B56959;--shiki-dark:#C98A7D}html pre.shiki code .sJdAF, html code.shiki .sJdAF{--shiki-light:#6182B8;--shiki-default:#998418;--shiki-dark:#B8A965}",{"title":1045,"searchDepth":1053,"depth":1060,"links":9612},[9613,9617,9622,9626,9631,9635,9638,9641],{"id":1032,"depth":1060,"text":1033,"children":9614},[9615,9616],{"id":1037,"depth":1078,"text":1038},{"id":1462,"depth":1078,"text":1463},{"id":1733,"depth":1060,"text":1734,"children":9618},[9619,9620,9621],{"id":1737,"depth":1078,"text":1738},{"id":1979,"depth":1078,"text":1980},{"id":2322,"depth":1078,"text":2323},{"id":3706,"depth":1060,"text":3707,"children":9623},[9624,9625],{"id":3710,"depth":1078,"text":3711},{"id":4844,"depth":1078,"text":4845},{"id":5125,"depth":1060,"text":5126,"children":9627},[9628,9629,9630],{"id":5129,"depth":1078,"text":5130},{"id":5569,"depth":1078,"text":5570},{"id":5704,"depth":1078,"text":5705},{"id":6979,"depth":1060,"text":6980,"children":9632},[9633,9634],{"id":6983,"depth":1078,"text":6984},{"id":7621,"depth":1078,"text":7622},{"id":8457,"depth":1060,"text":8458,"children":9636},[9637],{"id":8461,"depth":1078,"text":8462},{"id":9492,"depth":1060,"text":921,"children":9639},[9640],{"id":9495,"depth":1078,"text":9496},{"id":9602,"depth":1060,"text":9603},"md",null,{},{"title":551,"description":1028},"pgOpTpv3aOA-6tfmMOD1fpKaP09FBo2gzLYnhly_Ajs",[9648,9650],{
"title":547,"path":548,"stem":549,"description":9649,"children":-1},"Django's approach to security is built on the principle of \"secure by default\" - providing robust security features out of the box while making it easy for developers to build secure applications. This chapter explores Django's security philosophy and core principles.",{"title":555,"path":556,"stem":557,"description":9651,"children":-1},"Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Django provides robust protection against XSS attacks through automatic template escaping and security best practices.",1772474938278]