I am trying to use Django + Django REST Framework, and a recent update to a 
package I need requires I start using `session_csrf`, but DRF does not seem 
to play well with this package.

I added `session_csrf.CsrfMiddleware` to MIDDLEWARE_CLASSES and put the 
monkeypatch() call into urls.py as indicated in the documentation for 
SessionCSRF. GETs work fine, but when I try to POST I receive errors. In 
the UI I see the

    Forbidden (403)

    CSRF verification failed. Request aborted.session_csrf

page when I try to log in using the DRF login form. When I perform a GET on 
the login page, I see this in the server output:

    /Users/me/myapp/site/sitepackages/django/template/defaulttags.py:66:
    UserWarning: A {% csrf_token %} was used in a template, but the context did
    not provide the value.  This is usually caused by not using RequestContext.

I then added an AppConfig class:

    INSTALLED_APPS = (
        'django',
        'rest_framework',
        ...
        'apps.MyConfig',
    )

... and:

    from django.apps import AppConfig
    import session_csrf


    class MyConfig(AppConfig):
        name = 'apps'

        def ready(self):
            print('AppConfig CONFIGURING...')
            session_csrf.monkeypatch()

... but still get:

    AppConfig CONFIGURING...
    Validating models...

    System check identified no issues (0 silenced).
    August 01, 2017 - 12:33:26
    Django version 1.8.18, using settings 'settings'
    AppConfig CONFIGURING...

    /Users/me/myapp/site/sitepackages/django/template/defaulttags.py:66:
    UserWarning: A {% csrf_token %} was used in a template, but the context did
    not provide the value.  This is usually caused by not using RequestContext.

Does anyone have experience using session_csrf in conjunction with DRF?
