Django-allauth csrf protect mobile client

I would like to use the services of django-allauth from a mobile client. When I request the login or registration page, it gives a csrf protection error to prevent cross-site requests. I can solve this problem by placing the csrf_exempt tag on the dispatch methods in the django-allauth application modules, but I do not know if this is suitable for this. I do not want to break the original structure of django-allauth. What can I do instead? Can I request the csrfmiddlewaretoken?

+4
1 answer

csrf_exempt must be approved in case of mobile authentication. If you also want to provide a web interface, you should separate the URL settings and avoid using csrf_exempt.

If you want to make your mobile auth more secure, I would create a hashed string from the device ID and a secret string stored both on your server and in your application. However, then you must also include the device identifier in your request in order to reproduce the hash on the server.

0
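The device-ID signing scheme the answer sketches, as an added example that is not code from the question, the answer or django-allauth: a framework-independent helper using HMAC-SHA256 with `hmac.compare_digest`. It assumes a shared secret `APP_SECRET` and, going beyond the answer, binds a timestamp into the signed message so a captured signature stops validating after a short window.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample secret; in practice store it server-side (settings/env).
# Note that a secret shipped inside a mobile app can be extracted from the binary,
# so this scheme identifies the app build, not a particular user.
APP_SECRET = b"constructed-example-secret-change-me"
MAX_SKEW_SECONDS = 300  # reject signatures older (or newer) than 5 minutes


def sign_request(device_id: str, timestamp: int, secret: bytes = APP_SECRET) -> str:
    """Client side: HMAC-SHA256 over the device ID and a timestamp.

    The answer proposes hashing device ID + secret; including the timestamp is an
    added extension so a replayed signature expires.
    """
    message = f"{device_id}|{timestamp}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(device_id: str, timestamp: int, signature: str,
                   now: Optional[int] = None, secret: bytes = APP_SECRET) -> bool:
    """Server side: recompute the HMAC from the submitted device ID and compare."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request
    expected = sign_request(device_id, timestamp, secret)
    # compare_digest is constant-time, so a wrong guess leaks nothing via timing
    return hmac.compare_digest(expected, signature)


def authenticate(params: dict, now: Optional[int] = None) -> bool:
    """Validate the extra fields a mobile client sends alongside its credentials.

    `params` stands in for request.POST; missing or malformed fields fail closed.
    """
    try:
        device_id = str(params["device_id"])
        timestamp = int(params["timestamp"])
        signature = str(params["signature"])
    except (KeyError, TypeError, ValueError):
        return False
    return verify_request(device_id, timestamp, signature, now=now)
```

Apply `authenticate` in a separate mobile-only login view (its own URL pattern, as the answer advises), not by editing django-allauth's own views.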

Source: https://habr.com/ru/post/1541722/
