Django Rest Framework says CSRF verification failed despite CSRF token is included in axios POST header

Question

I have following react code to make call to django rest framework API:

import Cookies from 'js-cookie';
import axios from "axios";

async downloadVideowiseCSV (fromDate, toDate) {
        var url = '/stat/getStats/';
        const axiosInstance = axios.create(); 

        try {
            const response = await axiosInstance.post(url,
                {
                    data: {
                        'format': 'json'
                    },
                    header: {
                        'X-CSRFToken': Cookies.get('csrftoken')
                    }
                }
            )
        //...
}

When this method gets called, the corresponding request fails with CSRF verification:

However when I check the payload of the request, I could see that X-CSRFTOken is indeed populated:

Then whats going wrong here?

You are sending the token in the body which is incorrect, send it in the header instead — misraX, Sep 09 '22 at 00:56

score 0 · Answer 1 · answered Sep 09 '22 at 01:03

The problem is in your axios request, it's not correct to send the header in the body of the HTTP request.

The following should be a valid axios request which separates the data from the options ex:

const config = {
  headers: { 'X-CSRFToken': Cookies.get('csrftoken') },
};

const data = {format: 'json'}

axios.post('http://YOUR_URL', data, config)
  .then((response) => {
  console.log(response.data);
});

Django Rest Framework says CSRF verification failed despite CSRF token is included in axios POST header

1 Answers1