Django: CSRF exempt view


Django’s CSRF protection is usually a great thing, but when building (API) endpoints meant to be accessed by scripts/third parties it gets in the way of that.

This is how to disable it:

For a class based view

from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt

@method_decorator(csrf_exempt, name='dispatch')
class MyView(View):
    pass

For a function based view

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def my_view(request):
    pass

See also