CSRF跨站请求伪造的模拟GET请求实例

1、在命令行创建django工程djcsrfget，在工程内创建应用testget，命令如下：django-admin startproject djcsrfgetcd djcsrfgetpython manage.py startapp testget

3、在项目根目录，新建templates文件夹，并在文件夹内新建‘login.html炀售沲记’和‘index.html’文件，内容如下：login.html<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Title</title></head><body> <form action="/login/" method="POST"> {% csrf_token %} <label>用户名</label> <input type="text" name ="username"> <br/> <br/> <label>密码</label> <input type="password" name="password"> <br/> <br/> <input type="submit" value="登录"> </form></body></html>index.html<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Title</title></head><body> <p>欢迎{{user}}</p> <p> <a href="/transfer/">转账</a> </p></body></html>

4、在工程的同名文件夹的urls.py文件，include到应用的urls.py文件，代码如下:from django.conf.urls import url,includefrom django.contrib import adminurlpatterns = [ url(r'^admin/', admin.site.urls), url(r'',include('csrfget.urls')),]在应用内新建urls.py文件，并写代码如下：from django.conf.urls import urlfrom . import viewsurlpatterns = [ url(r'login/',views.login), url(r'index/',views.index), url(r'transfer/',views.transfer)]

6、进行数据库迁移并创建一个超级用户，打开开发工具的terminalpython manage.py migratepython manage.py createsuperuser