[英]How does DRF turn off CSRF-token check for JWT-based authentication?
I'm using Django Rest Framework with JWT as authentication mechanism . 我正在将Django Rest Framework与JWT用作身份验证机制 。 As far as I've understood, using JWT authentication makes the CSRF-token check not necessary as long as the token is not stored in a cookie.
据我了解,只要令牌未存储在cookie中,使用JWT身份验证就无需进行CSRF令牌检查。
However, checking the django-rest-framework-jwt
code and the Django CsrfViewMiddleware
I don't understand which part of the code turns off the CSRF-token check for JWT-based authentication. 但是,检查
django-rest-framework-jwt
代码和Django CsrfViewMiddleware
我不明白代码的哪一部分会关闭基于JWT的身份验证的CSRF令牌检查。
Does somebody know and can point to the relevant parts of the code? 有人知道并且可以指向代码的相关部分吗?
CSRF豁免发生在Django REST Framework提供的APIView.as_view
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.