Enable Django CSRF middleware for browser apps | Critiq Docs

#Metadata

Rule ID: py.security.django-missing-csrf-middleware
Severity: medium
Confidence: 0.78
Languages: python
Presets: security, strict
Stability: stable
Applies to: block
Tags: csrf, django, python, rules-catalog, security

#Why it matters

Without CSRF middleware, Django cannot enforce CSRF tokens on unsafe HTTP methods for browser clients.

#Remediation

Insert `django.middleware.csrf.CsrfViewMiddleware` into `MIDDLEWARE` according to the Django deployment checklist ordering guidance.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/python/py.security.django-missing-csrf-middleware.rule.yaml.

Back to directory Open rule in repository