So I'm trying to POST form data to my colleague's site in order to log in (simple username and password) from my iPhone app. However, it appears that I need a CSRF Token in o
In order to log in (POST) with the token, of course you have to get the CSRF token first, like you said. If you do a GET call to the login page first (before you follow up with a POST), the result of the login page will return a csrf_token, which you can see if you use a browser (with the developer tools pane open) and look at the network pane under response content to see the csrftoken cookie set by the server. In my case:
Set-Cookie:csrftoken=PgQEgY3LAynbVeWRIzXoo2VFRLfd8Uqt; expires=Fri, 10-Nov-2017 18:59:54 GMT; Max-Age=31449600; Path=/; secure
After parsing this out of the response, set a header like:
X-CSRFToken: "PgQEgY3LAynbVeWRIzXoo2VFRLfd8Uqt"
in your POST with the login/password info. HTH
As pointed out in the comments, you could either parse it from any page containing a form on your friend's website.
If you want one of your own, ask him to render this template at /ios/
ios.html:
{% csrf_token %}
Then launch a GET request:
You can parse the value of the token with a regex:
// Capture group 1 holds the token value from the hidden form field.
NSString *regex = @"csrfmiddlewaretoken\".*?\"(.*?)\"";
Finally you have to set the value of the X-CSRFToken on your following HTTP POST requests.
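The flow both answers describe (read the token from the Set-Cookie header or from the rendered hidden field, then send it back in X-CSRFToken), as an added example that is not part of the original posts, written in Python to show the HTTP-level steps offline. It assumes the site runs Django's default CSRF middleware (suggested by the csrftoken and csrfmiddlewaretoken names), which also expects the csrftoken cookie to be returned with the POST and checks the Referer on HTTPS requests; the URL, the form field names, the sample HTML and the helper names are constructed placeholders.

```python
import re
from urllib.parse import urlencode

# Constructed inputs standing in for the GET response of the login page.
LOGIN_URL = "https://example.invalid/login/"  # placeholder URL (assumption)
SAMPLE_SET_COOKIE = ("csrftoken=PgQEgY3LAynbVeWRIzXoo2VFRLfd8Uqt; "
                     "expires=Fri, 10-Nov-2017 18:59:54 GMT; "
                     "Max-Age=31449600; Path=/; secure")
SAMPLE_HTML = ('<form method="post"><input type="hidden" '
               'name="csrfmiddlewaretoken" value="CONSTRUCTEDformTOKEN0123">'
               '</form>')

# Accepts single or double quotes around the attribute values.
FORM_TOKEN_RE = re.compile(
    r"""name=["']csrfmiddlewaretoken["']\s+value=["']([^"']+)["']""")


def token_from_set_cookie(header_value, name="csrftoken"):
    """Return the cookie value if this Set-Cookie header sets `name`."""
    # The name=value pair is always the first ';'-separated element.
    key, _, value = header_value.split(";", 1)[0].partition("=")
    return value.strip() if key.strip() == name else None


def token_from_form(html):
    """Return the hidden csrfmiddlewaretoken value, or None if absent."""
    match = FORM_TOKEN_RE.search(html)
    return match.group(1) if match else None


def build_login_post(url, csrf_cookie, username, password, form_token=None):
    """Return (headers, body) for the login POST; nothing is sent."""
    headers = {
        # The server compares the header token against this cookie,
        # so the cookie must travel with the POST as well.
        "Cookie": f"csrftoken={csrf_cookie}",
        "X-CSRFToken": form_token or csrf_cookie,
        "Referer": url,  # checked by the middleware on HTTPS requests
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Field names "username"/"password" are assumptions about the form.
    body = urlencode({"username": username, "password": password}).encode()
    return headers, body


if __name__ == "__main__":
    cookie = token_from_set_cookie(SAMPLE_SET_COOKIE)
    hdrs, data = build_login_post(LOGIN_URL, cookie, "alice", "s3cret",
                                  token_from_form(SAMPLE_HTML))
    print(hdrs, data)
```
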