Hi Greg,

Maybe the problem is how you send the CSRF token. Have you checked out 
this? http://www.django-rest-framework.org/topics/ajax-csrf-cors/
I have no experience with Chrome extensions, but I assume it uses AJAX. In 
that case you have to include the token in the HTTP header.

Regards,
Norbert.

On Tuesday, February 20, 2018 at 1:54:36 AM UTC+2, Greg Barker wrote:
>
> Hello - 
>
> I'm working on a Chrome Extension that will inject some JavaScript into a 
> third-party webpage in order to add some additional functionality.
>
> For part of this functionality, I need to be able to do HTTP POST back to 
> my server. I've added it as a trusted origin in my settings.py:
>
> CORS_ORIGIN_WHITELIST = (
>     'www.thirdpartysite.com',
> )
>
> CSRF_TRUSTED_ORIGINS = (
>     'www.thirdpartysite.com',
> )
>
> I also added the CorsPostCsrfMiddleware as described here: 
> https://github.com/ottoyiu/django-cors-headers#cors_replace_https_referer
>
> However, my HTTP POST from within the Chrome Extension still fails with:
>
> {"detail":"CSRF Failed: CSRF token missing or incorrect."}
>
> How do I handle CSRF protection in Django Rest Framework for this scenario?
>
> Thanks!
> Greg
>
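
What "include the token in the HTTP header" looks like in JavaScript, as an added example that is not part of the original thread. It assumes Django's default `csrftoken` cookie and `X-CSRFToken` header names; `API_ORIGIN`, the helper names and the sample cookie string are constructed for illustration, and the cookie string is passed in as a parameter (on a page served from the API origin it would be `document.cookie`).

```javascript
// Added example: API_ORIGIN and the helper names are illustrative assumptions.
const API_ORIGIN = 'https://api.example.com'; // placeholder for your Django server
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
// Constructed sample cookie string, not real session data.
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=Zm9vYmFy';

// Extract one cookie value from a "k=v; k2=v2" string; null if absent.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the init object for fetch(url, init).
function csrfFetchOptions(url, method, cookieString, payload) {
  const verb = method.toUpperCase();
  const headers = { Accept: 'application/json' };
  // credentials: 'include' so the session cookie is sent on a cross-origin request.
  const init = { method: verb, headers, credentials: 'include' };
  if (payload !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(payload);
  }
  // Safe methods are not CSRF-checked, so they carry no token.
  if (SAFE_METHODS.has(verb)) return init;
  // Never attach the token to a request bound for any other origin.
  if (new URL(url).origin !== API_ORIGIN) return init;
  const token = readCookie(cookieString, 'csrftoken');
  if (!token) throw new Error('csrftoken cookie not found');
  headers['X-CSRFToken'] = token;
  return init;
}
```

Pass the result straight to `fetch(url, csrfFetchOptions(url, 'POST', cookieString, data))`.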
