There is no need for a CSRF token in a REST architecture, because we may have
other UI approaches, like the ReactJS library, where we handle that stuff. So
it's better to avoid CSRF. Use the csrf_exempt decorator.

This link may explain what you need after adding the csrf_exempt decorator:
https://stackoverflow.com/questions/30871033/django-rest-framework-remove-csrf

It's just a basic idea, not a fully structured one.

On Tue, Mar 12, 2019 at 12:16 PM Alexander Lamas <
alexander.g.la...@gmail.com> wrote:

> Hi guys,
>
> I'm new to DRF, and I'm trying to add CSRF token validation in my Web API
> application.
>
> I have added the
>
> ```
>
> {% csrf_token %}
>
> ```
>
> inside the view body.
>
> Django is adding an automatic hidden field with a CSRF token as a value.
>
> Is that the correct way on the client side?
>
> Also, do I have to add the CSRF token into my ajax calls?
> If so, should I add it as a header in the ajax call or as a normal
> parameter?
>
> How can I validate the CSRF token on the server side?
>
> Thank you very much in advance!
>
> Regards,
> Alex
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django REST framework" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-rest-framework+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Suryakumar K
Application Developer
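For the question in the quoted message about sending the token with ajax calls, here is an added example (not from either poster) of the header approach: read Django's `csrftoken` cookie and send it as `X-CSRFToken` on unsafe, same-origin requests only. The cookie and header names are Django's defaults; the helper names and the sample URL in the usage comment are illustrative assumptions.

```javascript
// Added example: attach Django's CSRF token to ajax requests as a header.
// 'csrftoken' and 'X-CSRFToken' are Django's default cookie and header names;
// the helper names below are illustrative, not part of Django or DRF.

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Methods that Django's CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method || 'GET');
}

// True only when the target resolves to the page's own origin, so the token
// is never sent to a third-party host.
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false;
  }
}

// Build fetch() options, adding the header only for unsafe same-origin requests.
function withCsrf(url, init, cookieString, pageOrigin) {
  const headers = Object.assign({}, (init && init.headers) || {});
  const method = (init && init.method) || 'GET';
  const token = getCookie(cookieString, 'csrftoken');
  if (token && !csrfSafeMethod(method) && sameOrigin(url, pageOrigin)) {
    headers['X-CSRFToken'] = token;
  }
  return Object.assign({}, init, { headers, credentials: 'same-origin' });
}

// Browser usage (hypothetical endpoint):
// fetch('/api/items/', withCsrf('/api/items/', { method: 'POST', body: data },
//                               document.cookie, location.origin));
```

On the server, Django's `CsrfViewMiddleware` checks the header value, and DRF's `SessionAuthentication` applies the same check to authenticated requests.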
