How to make a POST simple JSON using Django REST Framework? CSRF token missing or incorrect

清酒与你 2020-12-04 15:50

Would appreciate someone showing me how to make a simple POST request using JSON with Django REST framework. I do not see any examples of this in the tutorial anywhere?

8 Answers
  • 2020-12-04 15:51

    If you have set the AllowAny permission and you are facing a CSRF issue

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'rest_framework.permissions.AllowAny'
        ]
    }
    

    then placing the following in settings.py will resolve the issue

    REST_SESSION_LOGIN = False
    
    0 Comments (0)
  • 2020-12-04 15:55

    As you said your URL was

    http://localhost:8000/lakesShoreProperties/roles

    Postman has some issues with localhost. Sending the POST to 127.0.0.1:8000/your-api/endpoint instead did the trick for me.

    0 Comments (0)
  • 2020-12-04 15:56

    To give an update on current status, and sum up a few answers:

    AJAX requests that are made within the same context as the API they are interacting with will typically use SessionAuthentication. This ensures that once a user has logged in, any AJAX requests made can be authenticated using the same session-based authentication that is used for the rest of the website.

    AJAX requests that are made on a different site from the API they are communicating with will typically need to use a non-session-based authentication scheme, such as TokenAuthentication.

    Therefore, answers recommending to replace SessionAuthentication with TokenAuthentication may solve the issue, but are not necessarily totally correct.

    To guard against these types of attacks, you need to do two things:

    1. Ensure that the 'safe' HTTP operations, such as GET, HEAD and OPTIONS cannot be used to alter any server-side state.

    2. Ensure that any 'unsafe' HTTP operations, such as POST, PUT, PATCH and DELETE, always require a valid CSRF token. If you're using SessionAuthentication you'll need to include valid CSRF tokens for any POST, PUT, PATCH or DELETE operations.

    In order to make AJAX requests, you need to include the CSRF token in the HTTP header, as described in the Django documentation.

    Therefore, it is important that the CSRF token is included in the header, as for instance this answer suggests.

    Reference: Working with AJAX, CSRF & CORS, Django REST framework documentation.

    0 Comments (0)
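
The header requirement described in the answer above, as an added example that is not part of the original answers: a browser-side helper that attaches the CSRF token only to unsafe, same-origin requests. The function names are hypothetical, the cookie and header names (`csrftoken`, `X-CSRFToken`) assume Django's default settings, and the sample payload is constructed.

```javascript
// Added example. Assumes Django defaults: cookie "csrftoken", header "X-CSRFToken".
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(name, cookieString) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build fetch() options for a JSON request to a session-authenticated API.
// pageOrigin is the origin of the page making the call (location.origin).
function buildJsonRequest(method, url, payload, cookieString, pageOrigin) {
  const verb = method.toUpperCase();
  const headers = { "Accept": "application/json" };
  const init = { method: verb, headers, credentials: "same-origin" };
  if (payload !== undefined) {
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(payload);
  }
  // Only unsafe methods need the token, and it must never be sent cross-origin.
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    const token = getCookie("csrftoken", cookieString);
    if (token === null) {
      throw new Error("no csrftoken cookie; load a page that sets it first");
    }
    headers["X-CSRFToken"] = token;
  }
  return init;
}

// Browser usage (path taken from the URL quoted on this page, payload constructed):
// const init = buildJsonRequest("POST", "/lakesShoreProperties/roles",
//     { name: "admin" }, document.cookie, location.origin);
// fetch("/lakesShoreProperties/roles", init);
```

If `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS` is enabled, the cookie is not readable from JavaScript and the token has to be taken from the rendered page instead.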
  • 2020-12-04 16:05

    You probably need to send along the CSRF token with your request. Check out https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#csrf-ajax

    Update: Because you've already tried exempting CSRF, maybe this could help (depending on which version of Django you're using): https://stackoverflow.com/a/14379073/977931

    0 Comments (0)
  • 2020-12-04 16:07

    It's from your REST Framework settings. In your settings.py file, your REST_FRAMEWORK should have the following.

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.TokenAuthentication',
        ),
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.AllowAny',
        ),
    }
    

    This will set your REST Framework to use token authentication instead of csrf authentication. And by setting the permission to AllowAny, you can authenticate only where you want to.

    0 Comments (0)
  • 2020-12-04 16:14

    CSRF is exempted by default in Django REST Framework. Therefore, a curl POST request works fine. The POSTMAN request call returned CSRF incorrect because POSTMAN included the csrf token if it is found in Cookies. You can solve this by cleaning up Cookies.

    0 Comments (0)