They shouldn't be failing - we enable CSRF tokens on AJAX requests, and include CSRF tokens on non-AJAX requests.
E.g. https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/static/rest_framework/js/csrf.js#L49

Worth checking if you've gotten any JavaScript errors in the browser JS console. (Also double check the network requests that are being sent and see if they're including a token or not.)

It's possible that there's a bug, but I would normally have expected someone else to have raised something like that by now (though that doesn't rule it out as a possibility).
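One way to do the network-request check suggested above, as an added example that is not part of the original message or of the project's code. It assumes Django's default names (`csrftoken` cookie, `X-CSRFToken` header) and that the client script copies the cookie value into the header; `checkCsrf`, `audit` and the sample requests are constructed for illustration.

```javascript
// Audit requests copied from the browser's network panel for a missing CSRF token.
// Assumption: Django defaults (csrftoken cookie, X-CSRFToken header).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i === -1) continue;
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Verdicts: "safe-method", "cross-origin", "no-cookie", "missing-token",
// "token-mismatch" (header differs from cookie, under the assumption above), "ok".
function checkCsrf(req, pageOrigin) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return "safe-method";
  if (new URL(req.url, pageOrigin).origin !== pageOrigin) return "cross-origin";
  const cookie = parseCookies(getHeader(req.headers, "Cookie")).csrftoken;
  if (!cookie) return "no-cookie";
  const token = getHeader(req.headers, "X-CSRFToken");
  if (!token) return "missing-token";
  return token === cookie ? "ok" : "token-mismatch";
}

// Constructed sample requests (not real traffic).
const SAMPLE = [
  { method: "GET", url: "/api/items/", headers: {} },
  { method: "POST", url: "/api/items/",
    headers: { Cookie: "sessionid=abc; csrftoken=tok123", "X-CSRFToken": "tok123" } },
  { method: "DELETE", url: "/api/items/1/", headers: { cookie: "csrftoken=tok123" } },
  { method: "PUT", url: "/api/items/1/",
    headers: { Cookie: "sessionid=abc", "x-csrftoken": "tok123" } },
];

function audit(requests, origin) {
  return requests.map(r => `${r.method} ${r.url}: ${checkCsrf(r, origin)}`);
}

console.log(audit(SAMPLE, "https://example.test").join("\n"));
```

A `missing-token` or `no-cookie` verdict on an unsafe, same-origin request points at the client side (script not loaded, cookie not set) rather than at the server's CSRF check.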
