Django: First Dive

Django: First Dive

0%

1. Get Started

This section provides an introduction to Django and its key concepts. It covers the explanation of Django as a web framework, the MVT architectural pattern it follows, and the steps to initialize a new project using Django. The section also includes instructions on running the server.

What is Django?

Model-View-Template

Challenge: Build the Project

2. Write the First Page

If you are ready to write your first HTML page on Django - now is the time. Here you can learn how to respond to web requests using the Python programming language.

Connect View to URL

Challenge: Write your View

3. Models

Do you think that building a database using Python is not possible? It's not true! Let's start to do it with Django!

How to create a Model?

Challenge: Zoo Market Table

4. Working with Database

If you already know how to build a database, then it's time to manipulate data from it. Django ORM is a tool that allows you to work with data from a database. Let's take a look at it, shall we?

Update and Delete Data

Challenge: CRUD with Person

5. Templates

The HTTP response as a string doesn't look good. It is worth correcting this by using DTL technology, which allows you to dynamically generate beautiful HTML pages and return them to the user.

Template Folder

6. Request Handling

You can learn how to answer requests in the previous sections but how to transfer information and process it? Passing data via HTTP request and retrieving is easy. You just have to figure it out, you can find help here.

Distribution of Request Methods

Request Data Extract

Create Post with Input Data

Redirect and reverse()

Course Content

Django: First Dive

Django: First Dive

1. Get Started

What is Django?Model-View-Template Start Project Start App Run Server Challenge: Build the Project

2. Write the First Page

View URL Connect View to URL Challenge: Write your View

3. Models

What is Model?How to create a Model?Challenge: Zoo Market Table Migrations

4. Working with Database

Create Data Retrieve Data Update and Delete Data Challenge: CRUD with Person Summary

5. Templates

Template Folder Context Post List View DTL Loop Links to Views

6. Request Handling

Distribution of Request Methods CSRF Token Request Data Extract Create Post with Input Data Redirect and reverse()

CSRF Token

Let's create the post_create.html file.

To create a post with specified parameters (title, text), we need to create a form for it.

Note
You can read about forms in the Ultimate HTML course.

index

index

index

Now, we have a form, but Django has different security tools. One of these is a CSRF Token.

CSRF (Cross-Site Request Forgery) is an attack that tricks a user's browser into making unwanted or malicious requests on their behalf. To protect against this attack, Django generates a unique CSRF token for each user session. This token is included in forms or as a header in HTTP requests. When a form is submitted or an HTTP request is made, Django checks if the received token matches the one associated with the user's session, thus ensuring that the request originates from the expected source. It helps prevent unauthorized actions and adds an extra layer of security to web applications.

We need to put the CSRF Token to the response using the DTL (Django Template Language).
To do this, it is necessary to write {% csrf_token %} inside the form in the template:

Note
The CSRF Token will be passed through the form in any case. Therefore, its position is not important. The main thing is that it is inside the form tag - otherwise, it will not be passed.

Django automatically uses the provided token passed with the POST request from the same page. This allows us to quickly develop and avoid logic related to security against CSRF attacks.

Everything was clear?

Section 6. Chapter 2

some-alt