Disable CSRF protection for a specific view:
Code:
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def my_view(request):
# your view code here
By using the @csrf_exempt decorator, you can disable CSRF protection for a specific view. However, be careful when doing this, as it can potentially leave your application vulnerable to CSRF attacks.
Disable CSRF protection for all views:
To disable CSRF protection for all views in your project, you can add the following code to your settings.py file:
Code:
MIDDLEWARE = [
# ...
'django.middleware.csrf.CsrfViewMiddleware',
# ...
]
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False
By removing the CsrfViewMiddleware middleware from the middleware list, CSRF protection will be disabled for all views. Additionally, you can also set the CSRF_COOKIE_SECURE and CSRF_COOKIE_HTTPONLY settings to False to disable the use of secure cookies and HTTP-only cookies respectively.