They shouldn't be failing - we enable CSRF tokens on AJAX requests, and 
include CSRF tokens on non-AJAX requests.

Eg. 
https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/static/rest_framework/js/csrf.js#L49

Worth checking if you've gotten any javascript errors in the browser JS 
console. (Also double check the network requests that are being sent and 
see if they're including a token or not)

It's possible that there's a bug, but I would normally have expected 
someone else to have raised something like that by now (tho that doesn't 
rule it out as a possibility)

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to