# Django Missing CSRF Protection

- ID: django-missing-csrf-protection
- Severity: HIGH
- CWE: Cross-Site Request Forgery (CWE-352)
- Languages: Python

## Description

Detects Django views that handle POST/PUT/DELETE requests without CSRF protection. CSRF tokens prevent malicious sites from performing actions on behalf of authenticated users.

## Detection Message

View handles POST/PUT/DELETE without @csrf_protect or @ensure_csrf_cookie decorator

## Remediation

Add CSRF protection in one of two ways:

```python
# Option 1: protect an individual view with the csrf_protect decorator
from django.views.decorators.csrf import csrf_protect

@csrf_protect
def my_view(request):
    if request.method == 'POST':
        # Handle POST
        pass
```

```python
# Option 2 (recommended): enable the CSRF middleware site-wide in settings.py
MIDDLEWARE = [
    # ...
    'django.middleware.csrf.CsrfViewMiddleware',
]
```

## Related Rules

- **Angular Missing HTTP Security Interceptor** [HIGH]
- **Missing CSRF Protection (Gin)** [HIGH]
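As an added illustration of the detection logic this rule describes (not the scanner's own implementation), the following stdlib-only checker flags function-based views whose first parameter is `request`, that branch on `request.method` for POST/PUT/DELETE, and that carry neither `@csrf_protect` nor `@ensure_csrf_cookie`; `SAMPLE_VIEWS` is a constructed module, and `save`/`render` are placeholder names.

```python
import ast

CSRF_DECORATORS = {"csrf_protect", "ensure_csrf_cookie"}  # accepted by the rule
MUTATING_METHODS = {"POST", "PUT", "DELETE"}               # flagged by the rule

def _checks_mutating_method(func):
    """True if the body compares request.method against POST/PUT/DELETE."""
    for node in ast.walk(func):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left, *node.comparators]
        if not any(isinstance(o, ast.Attribute) and o.attr == "method"
                   and isinstance(o.value, ast.Name) and o.value.id == "request"
                   for o in operands):
            continue
        # Catches both `== 'POST'` and `in ('POST', 'PUT')` forms.
        if any(isinstance(c, ast.Constant) and c.value in MUTATING_METHODS
               for o in operands for c in ast.walk(o)):
            return True
    return False

def find_unprotected_views(source):
    """[(view_name, lineno)] for functions whose first parameter is `request`,
    that branch on a mutating method, and carry no CSRF decorator."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        params = node.args.args
        if not params or params[0].arg != "request":
            continue
        # Decorator names: csrf_protect, csrf.csrf_protect, method_decorator(csrf_protect)
        names = {s.id if isinstance(s, ast.Name) else s.attr
                 for d in node.decorator_list for s in ast.walk(d)
                 if isinstance(s, (ast.Name, ast.Attribute))}
        if names.isdisjoint(CSRF_DECORATORS) and _checks_mutating_method(node):
            findings.append((node.name, node.lineno))
    return findings

# Constructed sample module: an unprotected view, a decorated one, a read-only one.
SAMPLE_VIEWS = """
def update_profile(request):
    if request.method == 'POST': return save(request)
@csrf_protect
def change_email(request):
    if request.method in ('POST', 'PUT'): return save(request)
def show_profile(request):
    return render(request, 'profile.html')
"""
```

Running `find_unprotected_views(SAMPLE_VIEWS)` reports only `update_profile`; a view marked `@csrf_exempt` is likewise reported, since that decorator removes protection rather than adding it.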