The view for csrf token is what I'm testing out now. I created a standard
GET handler which should be returning the CSRF token. I was hoping to see
how others have solved the problem. Possibly more elegantly that a "pre"
GET to the POST just to obtain the CSRF token; however, at the same time I
understand the need.
I would prefer not to make the calls exempt for the obvious security
reasons.
On Friday, September 22, 2017 at 2:17:08 PM UTC-4, Matthew Pava wrote:
>
> Do you have access to the Django backend code?
>
> You could disable CSRF validation by applying the @csrf_exempt decorator
> to the corresponding view functions.
>
> Maybe you could create a view that returns only the CSRF token (through
> AJAX?) that you can utilize as needed?
>
>
>
> *From:* django...@googlegroups.com <javascript:> [mailto:
> django...@googlegroups.com <javascript:>] *On Behalf Of *Tom Gorup
> *Sent:* Friday, September 22, 2017 8:46 AM
> *To:* Django users
> *Subject:* CSRF and API Calls
>
>
>
> I'm having a bit of an issue. I'm attempting to utilize a Javascript/React
> App to interact with a Django backend without the use of templates (hence
> no {%csrftoken%} available). As I understand CSRF middleware, the CSRF
> token comes with the form on the GET and is provided in the POST; however,
> if I'm not utilizing the templates and the app is completely separate from
> Django.
>
>
>
> How do I go about obtaining the CSRF token prior to making the
> POST/PUT/etc.?
>
>
>
> Let me know if you need more context. Appreciate any assistance!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users...@googlegroups.com <javascript:>.
> To post to this group, send email to djang...@googlegroups.com
> <javascript:>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/13ecce96-2de8-4a42-8b1e-3b98ccbae524%40googlegroups.com
>
> <https://groups.google.com/d/msgid/django-users/13ecce96-2de8-4a42-8b1e-3b98ccbae524%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/f0c08232-d39f-418e-8467-3e3af69dbad8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
