Lemonbase Onboarding Project

Learning the development environment that Lemonbase uses for real product development


Part 4

Writing your first Django app, part 4

https://docs.djangoproject.com/en/3.0/intro/tutorial04/

Github Tag: https://github.com/studroid/writing-your-fisrt-django-app/commits/Part-4-Finished

How the CSRF token works - needs further write-up
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#token-based-mitigation

Limits of the token approach? - when the token is exposed
https://www.researchgate.net/publication/290470465_Enhanced_CSRF_Defense_Using_a_Secret_Value_Between_Server_and_User

Simple explanation
https://itstory.tk/entry/CSRF-%EA%B3%B5%EA%B2%A9%EC%9D%B4%EB%9E%80-%EA%B7%B8%EB%A6%AC%EA%B3%A0-CSRF-%EB%B0%A9%EC%96%B4-%EB%B0%A9%EB%B2%95

The core of a CSRF attack: A CSRF attack simply takes advantage of the fact that the browser sends the Cookie to the web application automatically with each and every request.
-> Browsers send all relevant cookies to the destination web site.
https://medium.com/@charithra/introduction-to-csrf-a329badfca49

Django's CSRF token scheme works because the token is stored in a cookie, and unless the browser has been configured otherwise, a cookie can only be read by pages from the same origin; a cross-site attacker's page therefore cannot read the token to copy it into a forged request, even though the browser still attaches the cookie itself.
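The following is an added example (not Django's own middleware code and not part of the original note) that models the check in pure Python: the server compares the token it set in the cookie with the copy submitted in the form field or header. The `Request` class, `csrf_check`, `legitimate_vote` and `forged_vote` names, and the token length are assumptions made for this sketch, and Django's additional masking of the form token is left out.

```python
"""Simplified model of a cookie-plus-form CSRF token check (added example,
not Django's implementation). The browser attaches cookies automatically, so
the cookie alone proves nothing; the server also requires a copy of the token
in the request body or a header, which only a same-origin page can have read."""
import hmac
import secrets
from dataclasses import dataclass, field

TOKEN_LENGTH = 32  # assumed length for this example; Django uses its own constants


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    cookies: dict = field(default_factory=dict)
    post: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def issue_csrf_cookie(cookies: dict) -> str:
    """Issue (or reuse) the secret stored in the csrftoken cookie."""
    token = cookies.get("csrftoken")
    if token is None:
        token = secrets.token_hex(TOKEN_LENGTH)
        cookies["csrftoken"] = token
    return token


def render_form(cookies: dict) -> dict:
    """What the legitimate page does: a same-origin template can read the
    cookie value and embed it as the hidden csrfmiddlewaretoken field."""
    return {"csrfmiddlewaretoken": issue_csrf_cookie(cookies), "choice": "1"}


def csrf_check(request: Request) -> bool:
    """Accept a state-changing request only if the submitted token matches the cookie."""
    if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
        return True  # safe methods are not checked; they must not change state
    cookie_token = request.cookies.get("csrftoken")
    if not cookie_token:
        return False
    submitted = request.post.get("csrfmiddlewaretoken") or request.headers.get("X-CSRFToken", "")
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(cookie_token, submitted)


def legitimate_vote() -> bool:
    """The user's own page: cookie and form field carry the same token."""
    jar: dict = {}
    form = render_form(jar)
    return csrf_check(Request("POST", cookies=dict(jar), post=form))


def forged_vote() -> bool:
    """A cross-site page: the browser still attaches the victim's cookie, but the
    page cannot read it, so its form can only carry a missing or guessed token."""
    jar: dict = {}
    issue_csrf_cookie(jar)  # the victim already holds a csrftoken cookie
    forged_form = {"choice": "1", "csrfmiddlewaretoken": secrets.token_hex(TOKEN_LENGTH)}
    return csrf_check(Request("POST", cookies=dict(jar), post=forged_form))
```

The check passes for the real form and fails for the forged one; the only thing separating them is whether the page that built the form could read the cookie, which is exactly the same-origin property the note above relies on.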
Inside a for loop in the Django Template Language:
{{ forloop.counter }} index starts at 1.

{{ forloop.counter0 }} index starts at 0.
request.POST['choice'] will raise KeyError if choice wasn’t provided in POST data. The above code checks for KeyError and redisplays the question form with an error message if choice isn’t given.
Explanation of reverse(), resolve_url() and the other functions that build a URL from a name
https://wayhome25.github.io/django/2017/05/05/django-url-reverse/
Avoiding race conditions (two threads access a shared resource and each updates it from the value it originally read, so one thread's update is thrown away): use F objects -> the arithmetic runs directly in SQL instead of in Python memory
https://docs.djangoproject.com/en/3.0/ref/models/expressions/#avoiding-race-conditions-using-f
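An added example (not the tutorial's code) that reproduces the lost update with sqlite3 and then the SQL that Django generates for `F('votes') + 1`. The table and column names are constructed to resemble the polls app, and the two "requests" are interleaved by hand so the outcome is deterministic rather than depending on thread timing.

```python
"""Lost-update race versus the F()-style fix, shown with sqlite3 (added
example, not the tutorial's own code). Django's `choice.votes += 1` followed by
save() is a read-modify-write in Python; `F('votes') + 1` becomes one UPDATE
that the database evaluates itself."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one choice with zero votes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE polls_choice (id INTEGER PRIMARY KEY, votes INTEGER NOT NULL)")
    conn.execute("INSERT INTO polls_choice (id, votes) VALUES (1, 0)")
    conn.commit()
    return conn


def read_votes(conn: sqlite3.Connection, choice_id: int = 1) -> int:
    """Equivalent of Choice.objects.get(pk=choice_id).votes."""
    row = conn.execute("SELECT votes FROM polls_choice WHERE id = ?", (choice_id,)).fetchone()
    return row[0]


def lost_update(conn: sqlite3.Connection) -> int:
    """Two vote requests interleaved: both read votes=0 into Python memory,
    then both write back their own copy + 1. The second write overwrites the first."""
    a = read_votes(conn)  # request A: selected_choice.votes -> 0
    b = read_votes(conn)  # request B: selected_choice.votes -> 0
    conn.execute("UPDATE polls_choice SET votes = ? WHERE id = 1", (a + 1,))  # A: save() writes 1
    conn.execute("UPDATE polls_choice SET votes = ? WHERE id = 1", (b + 1,))  # B: save() writes 1 again
    conn.commit()
    return read_votes(conn)  # 1: one vote was lost


def f_expression_update(conn: sqlite3.Connection) -> int:
    """The same two requests using the SQL Django emits for F('votes') + 1:
    the database does the arithmetic, so each UPDATE sees the latest value."""
    conn.execute("UPDATE polls_choice SET votes = votes + 1 WHERE id = 1")  # request A
    conn.execute("UPDATE polls_choice SET votes = votes + 1 WHERE id = 1")  # request B
    conn.commit()
    return read_votes(conn)  # 2: both votes counted
```

Running `lost_update(make_db())` returns 1 while `f_expression_update(make_db())` returns 2. The F() form also needs no refresh step between the update and any later use of the value, which is the reason the tutorial prefers it over a Python-side increment.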
The explanation of class-based views (generic views) below is important!
We’re using two generic views here: ListView and DetailView. Respectively, those two views abstract the concepts of “display a list of objects” and “display a detail page for a particular type of object.”
 
Each generic view needs to know what model it will be acting upon. This is provided using the model attribute.
The DetailView generic view expects the primary key value captured from the URL to be called "pk", so we’ve changed question_id to pk for the generic views.
By default, the DetailView generic view uses a template called <app name>/<model name>_detail.html. In our case, it would use the template "polls/question_detail.html". The template_name attribute is used to tell Django to use a specific template name instead of the autogenerated default template name. We also specify the template_name for the results list view – this ensures that the results view and the detail view have a different appearance when rendered, even though they’re both a DetailView behind the scenes.
 
Similarly, the ListView generic view uses a default template called <app name>/<model name>_list.html; we use template_name to tell ListView to use our existing "polls/index.html" template.
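A runnable sketch of the conventions quoted above, added here as an example: it is not the tutorial's views.py and not Django's own code. The class names `GenericView`, `DetailView`, `ListView`, `IndexView`, `QuestionDetailView` and `ResultsView` mirror the tutorial's naming but are simplified stand-ins that use a dict instead of a database; the `Question` data and the `Http404` class are constructed for this example.

```python
"""Simplified model of how generic views derive their template name from the
model and why DetailView needs the URL key to be called "pk" (added example,
not Django's implementation)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Question:
    pk: int
    question_text: str
    # class-level metadata standing in for Django's Model._meta
    app_label = "polls"
    model_name = "question"


class Http404(Exception):
    """Raised when the requested object does not exist."""


class GenericView:
    """Every generic view needs a model; the default template is
    <app name>/<model name><suffix>.html unless template_name is set."""
    template_name_suffix = ""
    template_name: Optional[str] = None
    model = None

    def __init__(self, **url_kwargs):
        self.kwargs = url_kwargs  # values captured from the URL pattern

    def get_template_names(self) -> List[str]:
        # An explicit template_name takes priority; the autogenerated name stays as a fallback.
        names = [self.template_name] if self.template_name else []
        names.append(f"{self.model.app_label}/{self.model.model_name}{self.template_name_suffix}.html")
        return names


class DetailView(GenericView):
    template_name_suffix = "_detail"
    objects: Dict[int, Question] = {}  # stands in for Model.objects

    def get_object(self) -> Question:
        # The URL pattern must capture the key as "pk"; a "question_id" kwarg is not understood.
        pk = self.kwargs.get("pk")
        if pk is None:
            raise AttributeError("DetailView must be called with an object pk in the URLconf")
        try:
            return self.objects[pk]
        except KeyError:
            raise Http404(f"No {self.model.model_name} matches pk={pk}")


class ListView(GenericView):
    template_name_suffix = "_list"


# Constructed data standing in for the polls database.
QUESTIONS: Dict[int, Question] = {1: Question(1, "What's up?"), 2: Question(2, "Which editor?")}


class IndexView(ListView):
    model = Question
    template_name = "polls/index.html"  # overrides polls/question_list.html


class QuestionDetailView(DetailView):
    model = Question  # default template: polls/question_detail.html
    objects = QUESTIONS


class ResultsView(DetailView):
    model = Question
    template_name = "polls/results.html"  # same model as the detail view, different template
    objects = QUESTIONS
```

`QuestionDetailView(pk=1)` resolves to `polls/question_detail.html`, `ResultsView(pk=1)` to `polls/results.html` first, and `IndexView()` to `polls/index.html` first; calling `QuestionDetailView(question_id=1).get_object()` fails because the key is not named `pk`, which is the rename the tutorial makes in urls.py.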
Further reading on class-based views:
https://docs.djangoproject.com/en/3.0/topics/class-based-views/

Author: 김시준