I don't think its risky to have csrf token in the url since its in open view in the page's source anyway (I'm not a security expert so that with a very large bag of salt). However you would have that behavior when you are submitting a form with a GET. You should use POST to submit your form instead of GET. On 3 Oct 2014 14:26, "Sabine Maennel" <sabine.maen...@gmail.com> wrote:
> Please help: I am confused whether it is okay that it is showing in the > url like this: > > > > http://netteachers.de/bewerbung/formular?csrfmiddlewaretoken=2jKsplZsQx5XpBfltUaDmgJjhRiCllxQ > > > This happens when I enter my form ( a CreateView Model Form)? Is that oky > or a security risk of any kind? > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/2e571910-4d1d-4066-9c60-9632f2613f88%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/2e571910-4d1d-4066-9c60-9632f2613f88%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2BWjgXPh7vr2TtjMitmmjsbWSDyUkxc3cSChpGf9HsbmAOn%2BSQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
