{
"info": {
"author": "Vladimir Iakovlev",
"author_email": "nvbn.rm@gmail.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Environment :: Web Environment",
"Environment :: Web Environment :: Mozilla",
"Framework :: Django",
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": "What is this?\n-------------\n\n``django-session-csrf`` is an alternative implementation of Django's CSRF\nprotection that does not use cookies. Instead, it maintains the CSRF token on\nthe server using Django's session backend. The csrf token must still be\nincluded in all POST requests (either with `csrfmiddlewaretoken` in the form or\nwith the `X-CSRFTOKEN` header).\n\n\nInstallation\n------------\n\nFrom PyPI::\n\n pip install django-session-csrf-per-view\n\nFrom github::\n\n git clone git://github.com/mozilla/django-session-csrf.git\n\nReplace ``django.core.context_processors.csrf`` with\n``session_csrf.context_processor`` in your ``TEMPLATE_CONTEXT_PROCESSORS``::\n\n TEMPLATE_CONTEXT_PROCESSORS = (\n ...\n 'session_csrf.context_processor',\n ...\n )\n\nReplace ``django.middleware.csrf.CsrfViewMiddleware`` with\n``session_csrf.CsrfMiddleware`` in your ``MIDDLEWARE_CLASSES``\nand make sure it is listed after the AuthenticationMiddleware::\n\n MIDDLEWARE_CLASSES = (\n ...\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n ...\n 'session_csrf.CsrfMiddleware',\n ...\n )\n\nThen we have to monkeypatch Django to fix the ``@csrf_protect`` decorator::\n\n import session_csrf\n session_csrf.monkeypatch()\n\nMake sure that's in something like your root ``urls.py`` so the patch gets\napplied before your views are imported.\n\n\nDifferences from Django\n-----------------------\n\n``django-session-csrf`` does not assign CSRF tokens to anonymous users because\nwe don't want to support a session for every anonymous user. Instead, views\nthat need anonymous forms can be decorated with ``@anonymous_csrf``::\n\n from session_csrf import anonymous_csrf\n\n @anonymous_csrf\n def login(request):\n ...\n\n``anonymous_csrf`` uses the cache to give anonymous users a lightweight\nsession. It sends a cookie to uniquely identify the user and stores the CSRF\ntoken in the cache. It can be controlled through these settings:\n\n ``ANON_COOKIE``\n the name used for the anonymous user's cookie\n\n Default: ``anoncsrf``\n\n ``ANON_TIMEOUT``\n the cache timeout (in seconds) to use for the anonymous CSRF tokens\n\n Default: ``60 * 60 * 2 # 2 hours``\n\nNote that by default Django uses local-memory caching, which will not\nwork with anonymous CSRF if there is more than one web server thread.\nTo use anonymous CSRF, you must configure a cache that's shared\nbetween web server instances, such as Memcached. See the `Django cache\ndocumentation `_\nfor more information.\n\n\nIf you only want a view to have CSRF protection for logged-in users, you can\nuse the ``anonymous_csrf_exempt`` decorator. This could be useful if the\nanonymous view is protected through a CAPTCHA, for example.\n\n::\n\n from session_csrf import anonymous_csrf_exempt\n\n @anonymous_csrf_exempt\n def protected_in_another_way(request):\n ...\n\n\nIf you want all views to have CSRF protection for anonymous users, use\nthe following setting:\n\n ``ANON_ALWAYS``\n always provide CSRF protection for anonymous users\n\n Default: False\n\n\nPer-action CSFR tokens\n----------------------\n\nFor using per-action CSRF tokens you need decorate your view:\n\n.. code-block:: python\n\n from session_csrf.decorators import per_view_csrf\n\n @per_view_csrf\n def your_view(request):\n pass\n\nOr for class-based views:\n\n.. code-block:: python\n\n from django.views.generic import TemplateView\n from session_csrf.mixins import PerViewCsrfMixin\n\n class YourView(PerViewCsrfMixin, TemplateView):\n pass\n\nAnd add template tag in your template:\n\n.. code-block:: html+django\n\n {% load session_csrf %}\n\n \n\n\nWhy do I want this?\n-------------------\n\n1. Your site is on a subdomain with other sites that are not under your\n control, so cookies could come from anywhere.\n2. You're worried about attackers using Flash to forge HTTP headers.\n3. You're tired of requiring a Referer header.\n\n\nWhy don't I want this?\n----------------------\n\n1. Storing tokens in sessions means you have to hit your session store more\n often.\n2. It's a little bit more work to CSRF-protect forms for anonymous users.",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "http://github.com/mozilla/django-session-csrf",
"keywords": null,
"license": "BSD",
"maintainer": null,
"maintainer_email": null,
"name": "django-session-csrf-per-view",
"package_url": "https://pypi.org/project/django-session-csrf-per-view/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/django-session-csrf-per-view/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "http://github.com/mozilla/django-session-csrf"
},
"release_url": "https://pypi.org/project/django-session-csrf-per-view/0.5.3/",
"requires_dist": null,
"requires_python": null,
"summary": "CSRF protection for Django without cookies.",
"version": "0.5.3"
},
"last_serial": 1021263,
"releases": {
"0.5": [
{
"comment_text": "",
"digests": {
"md5": "e621ac5687d75925ee65714308064e30",
"sha256": "458602236d017a847280b16442b75b2a3f26e39d0814dba93649642b3402aedb"
},
"downloads": -1,
"filename": "django-session-csrf-per-view-0.5.tar.gz",
"has_sig": false,
"md5_digest": "e621ac5687d75925ee65714308064e30",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 12965,
"upload_time": "2014-03-05T20:35:20",
"url": "https://files.pythonhosted.org/packages/54/1d/41a67deb0e6147665a9df25e5fe84882982b1586d96510aa6107b119c677/django-session-csrf-per-view-0.5.tar.gz"
}
],
"0.5.1": [
{
"comment_text": "",
"digests": {
"md5": "5725f1e75c39edd83b8a2e5c5175c8fa",
"sha256": "d7da7a43b5de311f787c49f107ccc74e9b1a2235d4abadac8a8b80dfc84d5559"
},
"downloads": -1,
"filename": "django-session-csrf-per-view-0.5.1.tar.gz",
"has_sig": false,
"md5_digest": "5725f1e75c39edd83b8a2e5c5175c8fa",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13578,
"upload_time": "2014-03-06T15:31:56",
"url": "https://files.pythonhosted.org/packages/d6/20/a17083723d43079acebd2895faab3fdaaa20e1c978a839949ed421f1c066/django-session-csrf-per-view-0.5.1.tar.gz"
}
],
"0.5.2": [
{
"comment_text": "",
"digests": {
"md5": "c3fd965827666a0b0c0c401ceb4141a7",
"sha256": "726aa2f0e4aa06f6cb2677df8514eded5afd0b7aa08c2c11dbe64f3d75c6e6fe"
},
"downloads": -1,
"filename": "django-session-csrf-per-view-0.5.2.tar.gz",
"has_sig": false,
"md5_digest": "c3fd965827666a0b0c0c401ceb4141a7",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13598,
"upload_time": "2014-03-06T15:48:19",
"url": "https://files.pythonhosted.org/packages/17/a9/189465d88bd0de0dc15efba7acc53ea3c4986b072c747d066d13bfb0fe97/django-session-csrf-per-view-0.5.2.tar.gz"
}
],
"0.5.3": [
{
"comment_text": "",
"digests": {
"md5": "628534c585e37e4e0033a4c08c774686",
"sha256": "7510e11adae359d63bce027ede5eb21a3e33fb4865195d6aebe2a1b53d125546"
},
"downloads": -1,
"filename": "django-session-csrf-per-view-0.5.3.tar.gz",
"has_sig": false,
"md5_digest": "628534c585e37e4e0033a4c08c774686",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13615,
"upload_time": "2014-03-06T16:13:32",
"url": "https://files.pythonhosted.org/packages/46/7a/d9f28ac1349e36aa33bdb43cde615a6822d1972d066f2f9f312b231fc243/django-session-csrf-per-view-0.5.3.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "628534c585e37e4e0033a4c08c774686",
"sha256": "7510e11adae359d63bce027ede5eb21a3e33fb4865195d6aebe2a1b53d125546"
},
"downloads": -1,
"filename": "django-session-csrf-per-view-0.5.3.tar.gz",
"has_sig": false,
"md5_digest": "628534c585e37e4e0033a4c08c774686",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13615,
"upload_time": "2014-03-06T16:13:32",
"url": "https://files.pythonhosted.org/packages/46/7a/d9f28ac1349e36aa33bdb43cde615a6822d1972d066f2f9f312b231fc243/django-session-csrf-per-view-0.5.3.tar.gz"
}
]
}