Hi Rafał,

On 03/13/2015 12:42 PM, Rafał Pitoń wrote:
> On Friday, March 13, 2015 at 4:14:55 PM UTC+1, Florian Apolloner wrote:
> 
>     I am pretty sure you can configure angular to send the token in the
>     header. Either way, we are not going to try and load JSON just
>     because we can't find a token otherwise…
> 
>     Cheers,
>     Florian
> 
> 
> Pretty much, you have to tell Angular to use the cookie for the token
> and send the CSRF header:
> 
> $http.defaults.xsrfHeaderName = 'X-CSRFToken';
> $http.defaults.xsrfCookieName = 'csrftoken';
> 
> However, I would argue that an option to always send the CSRF cookie
> would be useful in situations when your app templates contain no
> {% csrf_token %}, yet you need that cookie for API calls from the
> frontend to sign their POSTs to the backend.

That option exists and is documented:
https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie

It's a view decorator, but if you look at its implementation, you can
see that it's based on a middleware, which would be easy to apply to a
whole site if that's what you wanted.

Carl
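
The cookie-to-header exchange discussed in this thread, as an added standard-library WSGI example that is not part of the original messages and is not Django's implementation: the cookie is issued on every response that lacks one, and unsafe requests must echo it in X-CSRFToken. The names AlwaysSetCsrfCookie, api and call are hypothetical, and the requests are constructed in-process.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "csrftoken"        # matches $http.defaults.xsrfCookieName
HEADER_KEY = "HTTP_X_CSRFTOKEN"  # WSGI environ key for the X-CSRFToken header
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

class AlwaysSetCsrfCookie:
    """Hypothetical WSGI middleware: always issue the cookie, check unsafe requests."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        token = cookies[COOKIE_NAME].value if COOKIE_NAME in cookies else ""
        if environ["REQUEST_METHOD"] not in SAFE_METHODS:
            sent = environ.get(HEADER_KEY, "")
            # Reject when the cookie or header is missing, or when they differ.
            if not token or not hmac.compare_digest(token.encode(), sent.encode()):
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"CSRF token missing or incorrect"]

        def start_with_cookie(status, headers, exc_info=None):
            if not token:
                # No template rendered a token, so hand one out here.
                # Not HttpOnly: the frontend script has to read this cookie.
                new = secrets.token_urlsafe(32)
                cookie = f"{COOKIE_NAME}={new}; Path=/; SameSite=Lax"
                headers = list(headers) + [("Set-Cookie", cookie)]
            return start_response(status, headers, exc_info)
        return self.app(environ, start_with_cookie)

def api(environ, start_response):
    # Constructed sample endpoint: JSON only, no template, no {% csrf_token %}.
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']

def call(app, method, cookie=None, header=None):
    """Drive the app once with a constructed request; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/api/"}
    if cookie:
        environ["HTTP_COOKIE"] = f"{COOKIE_NAME}={cookie}"
    if header:
        environ[HEADER_KEY] = header
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

A first GET through `call(AlwaysSetCsrfCookie(api), "GET")` returns the Set-Cookie header; a later POST succeeds only when the same value is passed as both `cookie` and `header`.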
