stackoom
  简体   繁体   中英

How does DRF turn off CSRF-token check for JWT-based authentication?

 原文  2018-08-20 13:31:53       django/ django-rest-framework/ django-csrf/ django-rest-framework-jwt

Question

I'm using Django Rest Framework with JWT as authentication mechanism . As far as I've understood, using JWT authentication makes the CSRF-token check not necessary as long as the token is not stored in a cookie.

However, checking the django-rest-framework-jwt code and the Django CsrfViewMiddleware I don't understand which part of the code turns off the CSRF-token check for JWT-based authentication.

Does somebody know and can point to the relevant parts of the code?

1 answers

solution1
 1 ACCPTED  2018-08-20 13:37:28

CSRF豁免发生在Django REST Framework提供的APIView.as_view

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How exactly should JWT-based authentication be implemented in Django (drf and simplejwt)? how to pass csrf-token in first request Django DRF - How to do CSRF validation with token authentication Add CSRF-TOKEN into angularJs 2 Authentication error 401 for jwt token in DRF tests How protect from CSRF Login and Register endpoints (views) of an API created with DRF which use JWT as authentication? Declacre CSRF-Token in forms.py how to send user it with access jwt token in drf How can I make a POST-request using Javscript in Django (CSRF-Token)? django rest api with jwt authentication is asking for csrf token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM