I would like to use django-allauth services using a mobile client. When I request the login and signup pages, it gives a CSRF protection error in order to prevent cross-site requests. I can solve this problem by putting the csrf_exempt tag in the dispatch methods in the django-allauth app modules, but I don't know if this is the proper way to handle this. I don't want to break the original structure of django-allauth. What could I do instead of this? Can I request a csrfmiddlewaretoken?

mustafa.yavuz
1 Answer
csrf_exempt should be ok in case of mobile authentication. If you also want to provide a web interface, then you should separate your URL settings and avoid the usage of csrf_exempt there.
If you want to make your mobile auth more secure, then I would create a hashed string from the device id and a secret string that is stored both on your server and in your app. However, then you also have to include the device id in your request to reproduce the hash on the server.

martintrapp
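The device-id check described in the answer above, as an added example that is not part of the original answer or of django-allauth. It uses HMAC-SHA256 in place of a plain hash of device id plus secret and, going beyond the answer, also signs a timestamp so a captured token expires; `SHARED_SECRET`, `MAX_SKEW_SECONDS` and both function names are assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample value. The real secret lives in server configuration
# and is also embedded in the mobile app build.
SHARED_SECRET = b"constructed-example-secret"
MAX_SKEW_SECONDS = 300  # assumption: accept requests up to 5 minutes old


def sign_request(device_id, timestamp, secret=SHARED_SECRET):
    """Client side: derive the token sent alongside device_id and timestamp."""
    message = f"{device_id}|{int(timestamp)}".encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(device_id, timestamp, token, now=None, secret=SHARED_SECRET):
    """Server side: recompute the token from the submitted fields and compare."""
    if not device_id or not isinstance(token, str):
        return False
    try:
        timestamp = int(timestamp)
    except (TypeError, ValueError):
        return False
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request: limits token replay
    expected = sign_request(device_id, timestamp, secret)
    # Constant-time comparison on bytes, so a mismatch position is not leaked
    # through timing and a non-ASCII token cannot raise TypeError.
    return hmac.compare_digest(expected.encode("ascii"), token.encode("utf-8"))
```

A secret shipped inside a mobile app can be extracted from the binary, so this check identifies the app build rather than authenticating a user.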