Hi,
Thats pretty much the use case I have (accessing an API with no template).
I couldn't get angular to play nice even with the below settings so I'd
resorted to POST-ing the token but then I encountered the POST dict being
turned into JSON.
Appreciate that this short-coming is not django so will bow down to your
superior knowledge in this area if you feel this too much of a 'hack'
Thanks
Richard
On Friday, March 13, 2015 at 6:42:36 PM UTC, Rafał Pitoń wrote:
>
> On Friday, March 13, 2015 at 4:14:55 PM UTC+1, Florian Apolloner wrote:
>>
>> I am pretty sure you can configure angular to send the token in the
>> header. Either way, we are not going to try and load json, just we can't
>> find a token otherwise…
>>
>> Cheers,
>> Florian
>>
>
> Pretty much, you have to tell Angular to use cookie for token and send
> CSRF header:
>
> $http.defaults.xsrfHeaderName = 'X-CSRFToken';
> $http.defaults.xsrfCookieName = 'csrftoken';
>
> However I would argue that option to always send CSRF cookie would be
> useful in situations when your app templates contain no {% csrf_token %},
> yet you need that cookie for API calls from frontend to sign their POST's
> to backend.
>
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/748a910f-e8c0-4c37-bcbb-d907baa00a8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
