Hi Suryakumar,

Thank you very much for your reply.

I'm actually NOT using React.js in my front end. I'm using Bootstrap, jQuery and ajax calls.
Do you reckon it's still better to avoid CSRF in my template views?

Thank you very much!

Regards,
Alex

On Tuesday, March 12, 2019 at 4:10:45 PM UTC+9, SuryaKumar K wrote:
>
> No need for a CSRF token in REST architecture, because we may have other
> UI approaches like the ReactJS library where we handle that stuff. So it's
> better to avoid CSRF. Use the csrf_exempt decorator.
>
> This link may explain what you need after adding the csrf_exempt decorator:
>
> https://stackoverflow.com/questions/30871033/django-rest-framework-remove-csrf
>
> It's just a basic idea, not a fully structured one.
>
> On Tue, Mar 12, 2019 at 12:16 PM Alexander Lamas <alexande...@gmail.com> wrote:
>
>> Hi guys,
>>
>> I'm new to DRF, and I'm trying to add CSRF token validation in my Web API
>> application.
>>
>> I have added the
>>
>> ```
>> {% csrf_token %}
>> ```
>>
>> inside of the view body.
>>
>> Django is adding an automatic hidden field with a CSRF token as a value.
>>
>> Is that the correct way on the client side?
>>
>> Also, do I have to add the CSRF token into my ajax calls?
>> If so, should I add it as a header in the ajax call or as a normal
>> parameter?
>>
>> How can I validate the CSRF token on the server side?
>>
>> Thank you very much in advance!
>>
>> Regards,
>> Alex
>
> --
> Suryakumar K
> Application Developer

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.