3

I'd like to send a request and get the XSRF-TOKEN from it's cookie and when I send the POST to the register I'd like to put it into the header. Actually I'd like to do something this: access laravel app from android app with csrf token

I'm using StringRequest to send a request like this: 

private void registerUser(final String name, final String email,
                          final String password,final String confirm) {
    // Tag used to cancel the request
    String tag_string_req = "req_register";

    pDialog.setMessage("Registering ...");
    showDialog();

    final StringRequest strReq = new StringRequest(Request.Method.POST,
            AppConfig.URL_REGISTER, new Response.Listener<String>() {

        @Override
        public void onResponse(String response) {

            datares = response;

            Log.d("REGISTER RESPONSE", "Register Response: " + response.toString());

    }, new Response.ErrorListener() {

        @Override
        public void onErrorResponse(VolleyError error) {
            Log.e(TAG, "Registration Error: " + error.getMessage());
            Toast.makeText(getActivity().getApplicationContext(),
                    error.getMessage(), Toast.LENGTH_LONG).show();
            hideDialog();
        }
    }) {

        @Override
        protected Map<String, String> getParams() {
            // Posting params to register url
            Map<String, String> params = new HashMap<String, String>();
            params.put("name", name);
            params.put("email", email);
            params.put("password", password);
            params.put("password-confirm",confirm);

            return params;
        }

    };
    // Adding request to request queue
    AppController.getInstance().addToRequestQueue(strReq, tag_string_req);
}

And the AppController.java

public static synchronized AppController getInstance() {
    return mInstance;
}

public RequestQueue getRequestQueue() {
    if (mRequestQueue == null) {
        mRequestQueue = Volley.newRequestQueue(getApplicationContext());
    }

    return mRequestQueue;
}

public <T> void addToRequestQueue(Request<T> req, String tag) {
    req.setTag(TextUtils.isEmpty(tag) ? TAG : tag);
    getRequestQueue().add(req);
}

Have you any idea how can I do this with Volley?

Community
  • 1
  • 1
T.dog
  • 91
  • 1
  • 12

1 Answers1

1

Its a late answer. Anyway, I am adding one of the ways here if someone stumbles upon here looking for any answer :)

You can use csrf_exempt. It would exempt the view from CSRF consideration. I am not sure whether it is a major security risk or not, but it works.

from django.views.decorators.csrf import csrf_exempt

# Create your views here.
from django.http import HttpResponse

@csrf_exempt
def homePageView(request):
    data = request.POST.get('data')
    return HttpResponse(data)
Ankit Shubham
  • 2,989
  • 2
  • 36
  • 61