Really disable the cross site request forgery (csrf) middleware in Django

So, I’m using the Django built-in ‘auth’ app in the project I’m working on now, in order to handle the login/logout. My problem is that I want to disable the csrf protection that Django provides by default. So I said “No problem, I’ll just remove the csrf middleware”.

Apparently, this doesn’t cut it for the login app, because if you look in the code of the current version of Django at the moment I’m writing this (1.3.1) for how the @csrf_protect decorator that the login view is using, you’ll notice that it will not take into account if you use the csrf middleware in your project or not, it will just use it anyway.

So, in order to really disable the csrf protection, I found on Stack Overflow the following solution:

You create a middleware.py file in your Django application in which you’ll place the following class:

1
2
3
class DisableCSRF(object):
    def process_request(self, request):
        setattr(request, '_dont_enforce_csrf_checks', True)

Now, you add the above middleware to your project settings at the end of the MIDDLEWARE_CLASSES setting like so:

1
2
3
4
MIDDLEWARE_CLASSES = (
    ...
    '<YOUR_APP_NAME>.middleware.DisableCSRF'
)

Hope this helps! ;)

UPDATE: As Tim rightly pointed out in the comments, you will obviously have to remove {% csrf_token % } from the login template, if you still have it there.

Comments

19 Responses to “Really disable the cross site request forgery (csrf) middleware in Django”
  1. Tim says:

    Thanks for posting this! I had the exact same problem, in addition though I had to remove the {% csrf_token % } from the login template.

  2. ben says:

    Many thanks! Your post really save my life!

  3. Kristina says:

    Wow! In the end I got a website from where I know how to genuinely get valuable facts regarding my study and knowledge.

  4. If some one wishes expert view regarding blogging then i suggest him/her
    to pay a visit this web site, Keep up the fastidious job.

  5. youtube.com says:

    Thank you for the auspicious writeup. It in truth used to be a entertainment account
    it. Look complex to far brought agreeable from you! By the way, how could we communicate?

  6. switch-uri says:

    Valuable information. Fortunate me I discovered your website by
    accident, and I’m shocked why this coincidence didn’t took place earlier!
    I bookmarked it.

  7. I don’t drop many comments, butt i did some searching and wound up
    here Reallly disable the creoss site request orgery
    (csrf) middleware in Django | So, you code ?.

    And I actually do have 2 questions for you if it’s allright.
    Is iit only me or doeds it look as if like some of the remardks
    come across like they are left by brain dead people?
    :-P And, if you are writing at oyher sites, I would like to follow anything fresh you have to post.
    Could you list of aall of your community pages like your
    twitter feed, Facebook page or linkedin profile?

  8. To prepqre your moisturizer, combine equal
    parts of a water base with an oil base, and add ten percent parts
    of an emulsifier. Wiith so many things out there, the idea of what to do for your skin
    can be very confusing. Honey is an excellent natural moisturizer that is ussed by applying a thin layer of honey all over the face,
    and then washing it offf with tepid wawter after 15 minutes.

  9. The sitemap is updated every time you post solmething and the major search engine
    are pinged automatically. Make sure the image itle and alt tags
    all contain your keyword phrase. Search engine optimizers usually offer
    SEO as a stand-on your own services oor as a component of a
    broader advertising campaign.

  10. I hardly create remarks, but after reading through a lot of remarks on this page
    Really disable the cross site request forgery (csrf) middleware in Django | So, you code ?.
    I actually do have a couple of questions for you if you don’t mind.
    Could it be just me or do a few of these comments appear like they are coming from brain dead folks?
    :-P And, if you are posting on additional places, I would like to keep up with
    you. Could you make a list of every one of all your social sites like your linkedin profile, Facebook page or
    twitter feed?

  11. I admire your work, thanks for sharing all the helpful blogs.

  12. Jarred says:

    Hello my friend! I wish to say that this post is
    awesome, nice written and come with approximately all vital infos.

    I would like to peer extra posts like this .

  13. I was recommended this web site by my cousin. I am no longer sure whether this post is written by means of him as no one else recognise such detailed
    about my difficulty. You are incredible!
    Thank you!

  14. You can also use coconut oil as a deep conditioning treatment.
    Your body protects you from stress by releasing cortisone
    and by adjusting your hormone levels to an un-natural condition.
    In cold fusion a keratin-based polymer iss used to aytach the
    extension to your natural hair.

  15. I am not sure where you’re getting your information, but great topic.
    I needs to spend some time learning more or understanding more.
    Thanks for fantastic info I was looking for
    this info for my mission.

  16. Spot on with this write-up, I absolutely believe this site needs much more attention.
    I’ll probably be back again to see more, thanks for the info!

  17. metrum says:

    Hi my friend! I want to say that this post is awesome, nice written and include approximately all significant
    infos. I would like to peer more posts like this .

  18. Glenn says:

    Super-Duper website! I’m loving it!! Will be back later to read more.
    I am bookmarking your feeds as well.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!