0

I am building an app in Django-React that requires me to upload some images into a folder. When I submit the upload button I get error 403 on the request. Looking at the console, the response says: "CSRF Failed: CSRF token missing or incorrect." I have tried adding the @csrf_exempt decorator over the function in views.py but that is not working. Here's an extract of the relevant code:

settings.py

MEDIA_URL = '/upload/'
MEDIA_ROOT = os.path.join(BASE_DIR, '..', 'frontend', 'build', 'static', 'assets')

urls.py

from django.conf import settings
from django.conf.urls.static import static
from django.contrib import admin
from django.urls import path, re_path
from django.views.generic import TemplateView
from woundapp import views 
from rest_framework.urlpatterns import format_suffix_patterns

urlpatterns = [
    path('upload/', views.upload_images),
    path('admin/', admin.site.urls),
    ...
    re_path(r".*", TemplateView.as_view(template_name="index.html")),
]

urlpatterns = format_suffix_patterns(urlpatterns)

if settings.DEBUG:
    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

models.py

from django.db import models

class Image(models.Model):
    image_url = models.ImageField(upload_to='unprocessed/')

serializers.py

from rest_framework import serializers
from .models import Image

class ImageSerializer(serializers.ModelSerializer):
  
    class Meta:
        model = Image
        fields = [
            'image_url'
            ]

views.py

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
import os 
from .models import Image
from .serializers import ImageSerializer
import requests
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework import status 

@api_view(['POST'])
@csrf_exempt
def upload_images(request, format=None):
    if request.method == 'POST':
        print(request.data.get("images"))
        serializer = ImageSerializer(data=request.data, many=True)
        if serializer.is_valid():
            serializer.save()
            images = request.data.get("images")
            Image.objects.create(image=images)
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        else:
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

However, if I manually upload the images from http://127.0.0.1:8000/admin/ it does work for me.

Can someone please tell me if I am doing something wrong?

Thanks in advance.

I saw some post suggesting to use the @csrf_exempt decorator and I tried that but that is not working.

Jorge Rodríguez Peña
  • 1
  • 2
  • 1
    Does this answer your question? [Django CSRF check failing with an Ajax POST request](https://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request) – Ivan Starostin Nov 23 '22 at 09:39

1 Answers1

0

I think you need add root of image folder like this...

MEDIA_URL = '/upload/'
MEDIA_ROOT = os.path.join(BASE_DIR, '..', 'upload', 'frontend', 'build', 'static', 'assets')
Mahammadhusain kadiwala
  • 2,693
  • 2
  • 4
  • 12