3

I am a newbie in Django. Suppose I have a separate front end (something like Angular or React) and backend (Django). Now, to access my APIs from the frontend, we would require a CSRF token.

How can I address this issue? Wouldn't providing an API to get the CSRF token defeat the purpose of CSRF tokens itself? I also saw in the docs that by using `@ensure_csrf_cookie` we can force the CSRF token to be set in the cookie and later fetch it using JavaScript on the client side (shouldn't this be considered a security threat, if the CSRF token is easily available in the cookies?).

I am trying to understand how CSRF tokens work; please excuse me if my understanding is wrong.

I would also like to test my APIs from Postman, but I would need to pass the CSRF token in the request as well. Any suggestions on how to generate the CSRF token so that I can use it in my API testing?

Any help is much appreciated.

Raj Mohan

1 Answer

0

For sending a CSRF token in Postman, I think the answers to this question can help: How do I send spring csrf token from Postman rest client?

To know how CSRF tokens really work, you can refer to the official docs provided by Django; they will give you a proper understanding of it.

  • Thanks Mohamed for the info. I have some more questions; I have edited the post, could you please take a look? – Raj Mohan Aug 04 '21 at 18:01
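
Added example, not part of the question or the answer above: a simplified, standard-library Python model of the cookie-to-header check the question asks about, showing why a token that the site's own JavaScript can read still blocks a forged cross-site request. The names `handle`, `spa_or_postman_flow` and `cross_site_forgery_flow` are hypothetical, and this is not Django's code; Django's real middleware does more than this comparison.

```python
import hmac
import secrets

COOKIE_NAME = "csrftoken"     # Django's default CSRF_COOKIE_NAME
HEADER_NAME = "X-CSRFToken"   # header Django reads by default
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def handle(method, cookies, headers):
    """Simplified model of the server-side check (assumption, not Django's code).

    Returns (status, cookies_to_set).
    """
    if method in SAFE_METHODS:
        # Like a view decorated with @ensure_csrf_cookie: hand out a token.
        token = cookies.get(COOKIE_NAME) or secrets.token_urlsafe(32)
        return 200, {COOKIE_NAME: token}
    cookie_token = cookies.get(COOKIE_NAME, "")
    header_token = headers.get(HEADER_NAME, "")
    # Both must be present and equal. The cookie alone proves nothing,
    # because the browser attaches it to every request sent to this site.
    if cookie_token and hmac.compare_digest(cookie_token, header_token):
        return 200, {}
    return 403, {}


def spa_or_postman_flow():
    """A client that can read its own cookie jar (the site's SPA, or Postman):
    GET once, then echo the cookie value in the header on the POST."""
    jar = {}
    _, set_cookies = handle("GET", jar, {})
    jar.update(set_cookies)
    status, _ = handle("POST", jar, {HEADER_NAME: jar[COOKIE_NAME]})
    return status


def cross_site_forgery_flow():
    """A page on another origin makes the victim's browser POST. The cookie is
    attached automatically, but that page cannot read it, so it can only omit
    the header or guess a value."""
    victim_jar = {}
    _, set_cookies = handle("GET", victim_jar, {})
    victim_jar.update(set_cookies)
    no_header, _ = handle("POST", victim_jar, {})
    guess = secrets.token_urlsafe(32)
    guessed, _ = handle("POST", victim_jar, {HEADER_NAME: guess})
    return no_header, guessed
```

In Postman the same two steps apply: send a GET to a view that sets the `csrftoken` cookie, then copy that cookie's value into an `X-CSRFToken` header on the POST.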