
How to use cookie csrf in django 1.11?

Hello, I have a frontend application which was migrated to Django, and for CSRF protection I am using the methodology of copying the CSRF token from cookies to the header of my POST request. Django keeps complaining about an invalid CSRF token despite the fact that the request contains the CSRF token from cookies.
In my settings.py I have explicitly specified: CSRF_USE_SESSIONS = False to make sure that cookie-based CSRF is used, according to the docs

and the request header that gets the cookie csrf is: HTTP_X_CSRFTOKEN

The cookie is present and copied to the above header

HTTP_X_CSRFTOKEN is the wrong request header name. The correct name is X-CSRFToken. Django converts HTTP request header names into Python dictionary keys by:

converting all characters to uppercase, replacing any hyphens with underscores, and adding an 'HTTP_' prefix to the name.

Unfortunately that transformation can lead to confusion.
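The mapping described in the answer, as an added example that is not part of the original question or answer. It is a standard-library model that does not import Django; the function names and the token value are hypothetical, and CSRF_HEADER_NAME is set to Django's default value for that setting.

```python
# Added example: stdlib-only model of the header-name mapping described above.
# Function names are hypothetical; this is not Django's own code.

CSRF_HEADER_NAME = "HTTP_X_CSRFTOKEN"  # Django's default for this setting


def meta_key(header_name):
    """Map a client header name to its request.META key:
    uppercase, hyphens to underscores, 'HTTP_' prefix."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_meta(headers, drop_underscored=True):
    """Build a META-like dict from the headers a client sent.

    drop_underscored models servers that discard header names containing
    underscores (Django's runserver does this) because '-' and '_' would
    otherwise collide after normalisation.
    """
    meta = {}
    for name, value in headers.items():
        if drop_underscored and "_" in name:
            continue  # header never reaches the application
        meta[meta_key(name)] = value
    return meta


def csrf_header_value(headers, drop_underscored=True):
    """Return the value found under CSRF_HEADER_NAME, or None if absent."""
    return build_meta(headers, drop_underscored).get(CSRF_HEADER_NAME)


TOKEN = "constructed-token-value"  # constructed sample, not a real token

if __name__ == "__main__":
    wrong = {"HTTP_X_CSRFTOKEN": TOKEN}  # META key used as the header name
    right = {"X-CSRFToken": TOKEN}       # name the client should send
    print("wrong, underscores dropped:", csrf_header_value(wrong))
    print("wrong, underscores kept:   ", build_meta(wrong, False))
    print("right:                     ", csrf_header_value(right))
```

Sending the META key as the header name fails either way: the header is dropped before it reaches the application, or it lands under HTTP_HTTP_X_CSRFTOKEN, which the lookup does not read.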

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any questions, please contact: yoyou2525@163.com.

 