CSRF Cookie not set when posting request with AngularJs - Django Backend

Question

I\'m building a web app with angularjs and django and I\'m submitting form via Ajax request.

My problem is that when posting an Ajxa request with angular (ng-file-up

Answer 1

If you added in the csrftoken to client headers: {'X-CSRFToken': $cookies['csrftoken']} means your client is most probably ready, but for security matter if you interact with django api from external application he will still block the request returning unsafe header "Cookie". try the following configuration to allow the cross site request over your app:

pip install django-cors-headers

and then add it to your installed apps in your settings.py:

INSTALLED_APPS = (
...
'corsheaders',
...
)

You will also need to add a middleware class to listen in on responses and make sure you respect the order as follow:

MIDDLEWARE_CLASSES = (
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
)

and finally add this settings variable:

CORS_ORIGIN_ALLOW_ALL = True

This should be enough but for more customized configuration you can check django-cors-headers