Code Room
Code review · Medium · cr-g552
Subject: Security (CSRF) · Level: Mid–Senior · ~18 min · Common in Security interviews · Industries: Software development

Question

Review this Django view that transfers money between the logged-in user's accounts.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (python)

from django.views.decorators.csrf import csrf_exempt
from django.http import JsonResponse

@csrf_exempt
def transfer(request):
    if not request.user.is_authenticated:
        return JsonResponse({'error': 'auth'}, status=401)
    amount = request.POST['amount']
    to_acct = request.POST['to']
    request.user.wallet.send(to_acct, amount)
    return JsonResponse({'ok': True})
Run or narrate your approach, then ask the coach.
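The following is an added, self-contained Python model of what a hardened version of this view has to check; it is not part of the Code Room exercise and does not use Django. The `Request`, `Wallet`, `ACCOUNTS` and `PRIMARY` objects are constructed stand-ins for `request`, `request.user.wallet` and the account table. It shows the controls a reviewer should ask for: no `csrf_exempt` (a per-session synchronizer token compared in constant time, plus an Origin check as defence in depth), POST only, amount parsed as `Decimal` with NaN, negative and sub-cent values rejected, and the destination account verified to belong to the caller.

```python
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation


# Constructed in-memory models standing in for Django's request and wallet objects.
@dataclass
class Wallet:
    owner: int
    balance: Decimal


@dataclass
class Request:
    method: str
    user_id: int | None          # None means anonymous
    session: dict
    POST: dict
    headers: dict = field(default_factory=dict)
    host: str = "bank.example"   # the site's own host (assumed value)


# Constructed sample data: user 1 owns two accounts, user 2 owns one.
ACCOUNTS = {
    "acct-alice": Wallet(owner=1, balance=Decimal("100.00")),
    "acct-alice-savings": Wallet(owner=1, balance=Decimal("0.00")),
    "acct-bob": Wallet(owner=2, balance=Decimal("50.00")),
}
PRIMARY = {1: "acct-alice", 2: "acct-bob"}   # source wallet per user


def issue_csrf_token(session: dict) -> str:
    """Synchronizer-token pattern: one random secret per session, embedded in forms."""
    if "csrftoken" not in session:
        session["csrftoken"] = secrets.token_urlsafe(32)
    return session["csrftoken"]


def csrf_token_valid(request: Request) -> bool:
    """The token must arrive in the body or a custom header and match the session copy."""
    expected = request.session.get("csrftoken")
    submitted = request.POST.get("csrfmiddlewaretoken") or request.headers.get("X-CSRFToken")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)   # constant-time comparison


def origin_allowed(request: Request) -> bool:
    """Defence in depth: a browser-issued cross-site POST carries a foreign Origin."""
    origin = request.headers.get("Origin") or request.headers.get("Referer")
    if origin is None:
        return False
    own = f"https://{request.host}"
    return origin == own or origin.startswith(own + "/")


def parse_amount(raw) -> Decimal | None:
    """Reject non-numeric, NaN/Infinity, zero, negative and sub-cent amounts."""
    try:
        amount = Decimal(str(raw))
        if not amount.is_finite() or amount <= 0:
            return None
        if amount != amount.quantize(Decimal("0.01")):
            return None
    except (InvalidOperation, ValueError):
        return None
    return amount


def transfer(request: Request) -> tuple[int, dict]:
    """Hardened equivalent of the view under review; returns (status, body)."""
    if request.method != "POST":
        return 405, {"error": "method"}
    if request.user_id is None:
        return 401, {"error": "auth"}
    if not (origin_allowed(request) and csrf_token_valid(request)):
        return 403, {"error": "csrf"}
    amount = parse_amount(request.POST.get("amount"))
    if amount is None:
        return 400, {"error": "amount"}
    src = ACCOUNTS[PRIMARY[request.user_id]]
    dst = ACCOUNTS.get(request.POST.get("to"))
    # Only the caller's own accounts are valid destinations, and not the source itself.
    if dst is None or dst.owner != request.user_id or dst is src:
        return 403, {"error": "account"}
    if src.balance < amount:
        return 400, {"error": "funds"}
    src.balance -= amount
    dst.balance += amount
    return 200, {"ok": True}
```

In real Django the first two controls come for free once `@csrf_exempt` is removed, because `CsrfViewMiddleware` performs the token comparison itself (recent versions also check the Origin header); `@require_POST` and `@login_required` replace the hand-written method and auth checks, and the ownership and amount validation belong in a form or in the wallet model, not in the view.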