My way, i use the csrf_token tag on template, an pass it to the view in the
ajax call, using
$.ajax({
url : url,
type : "POST", // http method
data : {'csrfmiddlewaretoken': $('input[name="csrfmiddlewaretoken"]').val(),
'v1':v1,'v2':v2,....
}, // data sent with the post request
El martes, 26 de mayo de 2020, 14:19:08 (UTC-4), Kevin escribió:
>
> Hi,
>
> I'm not able to POST to django without having a csrf_token cookie sent
> with the request, though the documentation says you can set an X-CSRFToken
> header - it appears to be entirely ignored.
>
> The behaviour has been pointed out a couple of times before:
>
> https://code.djangoproject.com/ticket/26904
>
> https://code.djangoproject.com/ticket/30514
>
> but it doesn't appear to have ever been triaged by a project member or
> looked into in any way.
>
> I'm trying to find a definitive answer - should a POST request to a CSRF
> protected endpoint work without the cookie if the header is set?
>
> Thanks
>
> -Kevin
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/329b6346-2a11-449f-9c02-51d79f774fe1o%40googlegroups.com.
