{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 疯言疯语 的问题《CSRF Failed: CSRF token missing or incorrect》','https://www.manongdao.com/q-148648.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm using Django 1.7 and django-rest-framework.
I made an API that returns me some JSON data putting this in my settings.py
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),
'DEFAULT_RENDERER_CLASSES': (
# 'rest_framework.renderers.XMLRenderer',
'rest_framework.renderers.JSONRenderer',
# 'rest_framework.renderers.BrowsableAPIRenderer',
)
}
When I make GET calls, it returns me all the data, but when I try with PUT/PATCH I get:
--------Response Headers---------
Status Code: 403
Date: Wed, 29 Oct 2014 18:51:42 GMT
Vary: Cookie
Server: WSGIServer/0.1 Python/2.7.8
Allow: GET, POST, PUT, PATCH, HEAD, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
---------------------------------
--------Response Body-----------
{"detail": "CSRF Failed: CSRF token missing or incorrect."}
---------------------------------
This only happens when I am logged in, if I am anonymous I can PUT/PATCH correctly.
I have tried with @csrf_exempt and I got errors, I have included the rest_framework.permissions.AllowAny in the setting...
I have no idea what's going on. Does anyone know what the issue is?
When you host django website on Apache server. Djando rest framework with TokenAuthentication and SessionAuthentication will get
To fix this open Apache configuration file - httpd.conf Add following line:
Get token from cookie:
Send token in headers POST request:
This is what i did to solve it, i included csrf token to the form and using jquery/ javascrip got the csrf token like this when document loaded
the included it on jquery headers as follow
I had a similar problem where I'd wrapped the views with
csrf_exemptand was still encountering errors. It turned out that I was getting the URL wrong, so it was resolved to a "not found" callback (which wasn't exempt from CSRF) and was hence throwing an exception before I could be told that the URL was wrong.1- Search for the Cookie header
2- Separate the csrftoken from the sessionid
3- Add the X-CSRFToken={..the csrftoken that you extracted in step 2..} see below
When you are using SessionAuthentication, you are using Django's authentication which usually requires CSRF to be checked. Django REST Framework enforces this, only for
SessionAuthentication, so you must pass the CSRF token in theX-CSRFTokenheader.The Django documentation provides more information on retrieving the CSRF token using jQuery and sending it in requests. The CSRF token is saved as a cookie called
csrftokenthat you can retrieve from a HTTP response, which varies depending on the language that is being used.If you cannot retrieve the CSRF cookie, this is usually a sign that you should not be using
SessionAuthentication. I recommend looking into TokenAuthentication or OAuth 2.0 depending on your needs.