I'm using Django Rest Framework with JWT as authentication mechanism . As far as I've understood, using JWT authentication makes the CSRF-token check not necessary as long as the token is not stored in a cookie.
However, checking the django-rest-framework-jwt
code and the Django CsrfViewMiddleware
I don't understand which part of the code turns off the CSRF-token check for JWT-based authentication.
Does somebody know and can point to the relevant parts of the code?
CSRF豁免发生在Django REST Framework提供的APIView.as_view
。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.