Your CSRF tokens are in place, but you need to test them before putting them into production. In this video, learn how to unit test a Django form that includes a CSRF token, using a test client that actually enforces CSRF checks instead of skipping them.
- [Instructor] We're going to test the CSRF protection for the journal view. Specifically, we're testing to see what happens where we delete a journal entry. In this test, a user and a journal entry already exist. We need to create a new HTTP client, and we need to make sure that it enforces CSRF checks. Usually Django will skip these to make testing easier. And then we are going to use `force_login` to log in as the user. So let's try deleting this journal entry: we're going to make a POST request, and the data we're providing is the entry to delete, and that is the journal entry ID. And we do not expect this to work. So the response status code should be a 403, and the journal entry should still exist. And the reason this won't work, and why we want it to fail, is because the CSRF token is not included as part of the request. So, let's try again. We have the response of getting the journal entries, and on that page, the two forms that exist …
Skill Level Advanced
1. Permissions, Access Controls, Activity Logs
2. Throttling a Flood of Requests
3. Protecting Data and Data Privacy
4. 2FA: Two-Factor Authentication
5. CSRF: Cross-Site Request Forgery Protection