{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 家丑人穷心不美 的问题《How to make a Django-Rest-Framework API that takes》','https://www.manongdao.com/q-248730.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm building a Django application with Django-Rest-Framework APIs. I have built an API endpoint as follows. I want to be able to POST data from my browser. I want to retrieve an object model from my Database that has the matching primary as given in the URL. And I want to operate on that retrieved object based on the data posted by the browser. If I could just grab the posted data from with my ViewSet, I would be done. But I don't know how to get to execute that viewset's update() function when I do a POST.
From my urls.py file:
router.register(r'replyComment', views.ReplyComment, base_name="replyComment")
From my views.py file:
class ReplyComment(viewsets.ViewSet):
def update(self,request,pk=None):
try:
origComment = Comment.objects.get(pk=pk)
# Do something here that modifies the state of origComment and saves it.
return Response(
json.dumps(True),
status=status.HTTP_200_OK,
)
except Exception as exception:
logger.error(exception)
return Response(status=status.HTTP_400_BAD_REQUEST)
I'm using the Advanced Rest Client (ARC) tool in my Chrome browser. When I point the ARC tool to http://127.0.0.1:3001/api/replyComment/2/ using the POST method, I get the error:
{
detail: "CSRF Failed: CSRF token missing or incorrect".
}
See the screenshot here. It seems like I'm doing something wrong here with my POST. Can someone please advise how to do this properly? How can I get around my CSRF issue? I'm a newbie to Django Rest Frameworks. So if you can provide clear details, it would be most appreciated. Please let me know what changes I need to make to ensure my POST works as I intend it to? I need a bit more help than simply referring me to the manual. (I tried that but still couldn't make it work)
See the Headers field above the payload?
Try adding this:
I viewed the screen shot and squinted trying to read out the CSRF token you have set on your server. So it could be wrong, double check it against your settings.py file. Bibhas is correct, but this is how you accomplish a POST using ARC in your browser.
Well. other answers are correct. but i guess your problem is that you don't know how to use these answers.
here is an example. lets say i want to send a field
namewith jquery ajax function overPUTmethod(updating name on a model).first we should get the
csrf-tokenfrom cookies server send us. this function from django documentation does the job(getting some value from cookie):when we send
putrequest, we will send the csrf token in request header:note that in
beforeSendi set theX-CSRFTokenso csrf-token is sent in request header.you should change
urlanddataof course.CSRF Tokens are required in Django to protect against CSRF(Cross Site Request Forgery). For methods that writes something (POST, PUT, DELETE etc), you need to include a CSRF token with your request so that Django knows the request came from your own site.
You can read more about in Django-rest-framework documentation. And as it says in the doc, you can find how to include the CSRF token in the HTTP Header in Django documentation.