Django Retrieve CRSF token

Question

I would like to retrieve the CRSF token so I can do a POST externally from the website e.g via POSTMAN, or other external applications. I have exposed an API endpoint for user to upload files which they can do directly inside of doing it from website.

However CRSF token is needed. I wish to extract it (user will login via external client, therefore I wish to be able to pass in CRSF token so they can include it and submit the file, of course it won't be visisble, the program will set it manually when they click upload on the external program)

Uhh, what you're doing is exactly what CSRF is trying to prevent. — crimson589, Jul 09 '20 at 01:24
what should i do then if i want to expose an endpoint for users to call? — bawagoc25, Jul 09 '20 at 01:56
Well the simplest way is disabling csrf for that view by adding `@csrf_exempt` — crimson589, Jul 09 '20 at 03:03
@crimson589 , Can we copy CSRF token from browser cookie storage and use as Authorization header in POST requests ? — Anoop K George, Jul 09 '20 at 06:11

score 1 · Answer 1 · answered Jul 09 '20 at 06:09

1

If you want to access Django with Postman, make API end point(may be using Django Rest Framework).

Then in JS front end libraries you can add CSRF token explicitly https://docs.djangoproject.com/en/3.0/ref/csrf/

answered Jul 09 '20 at 06:09

Anoop K George

1,605
12
40

Django Retrieve CRSF token

1 Answers1