Django管理表单可以使用跨站点请求伪造(CSRF)进行操作

Question

在我的Django管理站点中，我运行了一个漏洞测试，它显示了以下威胁：

An effective CSRF (Cross-Site Request Forgery) countermeasure for forms is to 
include a hidden field with a random value specific to the user's current session.
A form was detected that did not appear to contain an anti-CSRF token. 
This form was tested for susceptibility to a CSRF attack and determined to be vulnerable.

我查看了我的管理页面；CSRF已经设置好了。

Answer 1

自动化工具经常给Django的CSRF保护提供错误的肯定。Django安全团队收到了许多这样的无效报告。