Hello - 

I'm working on a Chrome Extension that will inject some JavaScript into a 
third-party webpage in order to add some additional functionality.

For part of this functionality, I need to be able to do HTTP POST back to 
my server. I've added it as a trusted origin in my settings.py:

CORS_ORIGIN_WHITELIST = (
    'www.thirdpartysite.com',
)

CSRF_TRUSTED_ORIGINS = (
    'www.thirdpartysite.com',
)

I also added the CorsPostCsrfMiddleware as described here: 
https://github.com/ottoyiu/django-cors-headers#cors_replace_https_referer

However, my HTTP POST from within the Chrome Extension still fails with:

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

How do I handle CSRF protection in Django Rest Framework for this scenario?

Thanks!
Greg

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to