Hi,
It is not enough that you send the token as a cookie; you need to send the
cookie value as part of the POST request as well.
Django uses the X-CSRFToken header in AJAX calls. You could use a normal POST
variable if you're using a normal form-encoded POST, but usually with DRF
you send something like JSON, where it's not possible to embed the CSRF token.
See https://docs.djangoproject.com/en/1.10/ref/csrf/#ajax for more
information and an example with jQuery.
On 26.01.2017 08:47, Bob Aalsma wrote:
Hi Jani,
Thanks!
I've checked now (learning as well, thank you :)) and I see the
response from the server but the body of the response says "failed to
load response data".
I've tested what happens when this user is not logged in: same error.
[I had taken 403 to mean that the user was authenticated but not
permitted to perform the requested operation - not so!]
After logging in again I can see the csrf token as a cookie; the csrf
token is included in the send but I'm not sure how to verify the
correctness of that part.
Is there a way to see if this is the cause of the problem?
Bob
--
You received this message because you are subscribed to the Google
Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
--
Jani Tiainen
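
The cookie-plus-header submission described in the reply above, as an added example that is not part of the original thread or of Django's own code. It assumes Django's default cookie name `csrftoken`; the function names, the sample cookie string and the `/api/items/` URL are hypothetical.

```javascript
// Added example. Assumes the default cookie name "csrftoken"; function
// names, sample values and the URL in the usage comment are hypothetical.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i; // methods that need no token

// Return one cookie's value from a "k=v; k2=v2" string, or null if absent.
function getCookie(name, cookieString) {
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Build fetch() options for a JSON request. A JSON body has no form field
// for the token, so the cookie value is copied into the X-CSRFToken header.
function buildJsonRequest(method, payload, cookieString) {
  const headers = { 'Content-Type': 'application/json' };
  if (!SAFE_METHODS.test(method)) {
    const token = getCookie('csrftoken', cookieString);
    if (token === null) {
      throw new Error('csrftoken cookie not set; load a page that sets it first');
    }
    headers['X-CSRFToken'] = token;
  }
  const init = { method, headers, credentials: 'same-origin' };
  if (payload !== undefined) init.body = JSON.stringify(payload);
  return init;
}

// Report what an outgoing request carries. Only the verbatim-copy case
// (header equals cookie) is checked here.
function describeCsrf(init, cookieString) {
  const cookie = getCookie('csrftoken', cookieString);
  const header = init.headers['X-CSRFToken'] ?? null;
  if (cookie === null) return 'no csrftoken cookie';
  if (header === null) return 'cookie present, X-CSRFToken header missing';
  return header === cookie ? 'header matches cookie' : 'header differs from cookie';
}

// Constructed sample cookie string, not a real token.
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=Zx9ExampleToken';
// Browser usage: fetch('/api/items/', buildJsonRequest('POST', data, document.cookie))
```

The same comparison can be made by hand in the browser's network panel: the request's Cookie header and its X-CSRFToken header should both be present on the failing POST.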