Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The CSRF middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field, named 'csrfmiddlewaretoken', to all 'POST' forms; its value is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set, checks that the 'csrfmiddlewaretoken' is present and correct, and returns a 403 error if it is not.

618 questions
3 votes, 1 answer

Django navigator.sendbeacon csrf protection

I have a problem with navigator.sendBeacon('endpoint/', data). I have an error Forbidden (CSRF token missing or incorrect.) because it passes data via the POST method. I know I should set the csrf token, but I don't know how to set it in this case, anyone have…
3 votes, 2 answers

django rest framework - session auth vs token auth, csrf

I have DRF set with the default settings. My ajax clients work fine with the session authentication. I want another remote server to consume the same API as the javascript clients. My login code is simple: class Login(APIView): def post(self,…
user3599803
3 votes, 2 answers

Hide csrf token in get method in Django

How can I hide the CSRF token from the get method in Django? When we call the get method, only the parameters need to be visible in the browser URL rather than the CSRF token.
beginners
3 votes, 1 answer

What is the recommended way to have CSRF protection in a Django Rest Framework + Angular application?

I have been struggling with a configuration between Django and Angular, and I am missing something. What is the recommended way of doing that? Angular has some XSRF protection, but it has changed since AngularJS and I found a lot of outdated…
3 votes, 1 answer

Acquiring CSRF token from Django when index.html is served by nginx

I have a React SPA with a Django backend. Like most SPAs, there is an index.html file that needs to be served. But the problem is that this file is served with nginx, so user does not obtain csrf token required to make api calls. I don't really want…
RomaValcer
3 votes, 2 answers

Unity Web Request + Django: CSRF token missing or incorrect

I am receiving an error from Django that the "CSRF token is missing or incorrect" along with its standard error message. Many other questions have covered the right response when you're working with a standard browser and a Django server, but I'm…
Mark Miller
3 votes, 1 answer

How to send POST request from localhost (http) to django (https)?

Send to proxy /api with all params (header/cookie/post) as docs And get server.js 'use strict'; const fs = require('fs'), proxy = require('http-proxy-middleware'), browserSync = require('browser-sync').create(); function…
Slaawwa
3 votes, 0 answers

Django CSRF token missing or incorrect on POST form with FILE Upload

When I submit the form I see this which shows that I submit file as well as csrfmiddlewaretoken However POST Handler shows error message "CSRF token missing or incorrect." At the same time if I submit the form without files selected - then POST…
DmitrySemenov
3 votes, 0 answers

Django login function - TypeError: context must be a dict rather than Context

I'm working on a Django project. I'm having a problem with the login view. No matter what I try I keep getting a type error. Here are the html template and login view: login.html {% extends "base.html" %} {% load bootstrap_tags %} {% block content…
3 votes, 1 answer

Django/Django Rest Framework - Disable CSRF

I'm looking for a simple way to disable all the CSRF validation to be able to test my API in Postman. Till now I have tried adding the @decorator csrf_exempt without success. I also tried creating a disable.py file inside the app, but that didn't work either. Also I want…
62009030
3 votes, 1 answer

Django csrf fails after logout login new user

Even if I understand the problem, I'm not sure how to solve this. I have a django powered api that has an endpoint that lets the user change the email. If the logged user A enters an already existing email, it checks if the logged user A entered a…
Alejandro Veintimilla
3 votes, 0 answers

Have Django check csrftoken from Cookie instead of POST data or header

I have an api on api.mysite.com and the frontend on other.mysite.com and need AJAX to work, ideally with CSRF protection. I can a csrftoken from an XHR, and it sets the cookie. When I make another XHR with withCredentials: true, that new XHR sends…
maxbellec
3 votes, 1 answer

How to use django only as a backend and post with django-rest-framework

I will be using Django only as the backend. The front end will be done using React and no django templates. I am using django-rest-framework to create a rest api for my website. I made a serializer for the user. class…
Robin
3 votes, 3 answers

How would I authenticate and make requests from an iPhone app to a Django backend to get around CSRF?

I'm working with an iPhone developer who does not have any Django experience, and I am relatively new to Django. I've built an existing Django app with a web interface that allows a user to log in and add books from our database to his personal…
gohnjanotis
3 votes, 2 answers

How to return new csrf token at ajax POST in Django?

I have this simple Like button that works well when used with @csrf_exempt: Template

{{ topic.likes }}

{% csrf_token %}
Jand