Is Varnish compatible with Django Csrf protection?

Question

Is Varnish compatible with Django Csrf protection?

I would like to put Varnish as a corporate website built with Django to improve its performance. On each page of the site there is a small contact form. In addition, the site is mostly static. The problem is that I cannot figure out how to combine varnish with Djangos Csrf protection. I believe that the same question applies to any full-text caching with Django csrf protection.

I suppose disabling csrf middleware is not allowed?

Matti

+4

django varnish

Matti Kotsalainen Aug 20 '12 at 8:12

source share

1 answer

Vitalii zurian · Accepted Answer · 2012-08-26T13:17:45+0000

Usually I suggest you start using Django + Varnish ESI .

If you only use full page caching, I offer you the following workaround:

Moving boot forms to an AJAX call (per POST request)
In your vcl file vcl either only GET requests for lookup are marked, or mark POST requests for hit_for_pass .

Is Varnish compatible with Django Csrf protection?

More articles: