Thanks for the reply Norbert. I did see that page, where would the csrftoken
cookie come from in this case though? Since I'm injecting my JavaScript
onto a page hosted on a separate domain, there's no csrftoken cookie set
there.

I came across this post on Stackoverflow:
https://stackoverflow.com/questions/30871033/django-rest-framework-remove-csrf

Is that what I need to do here?

On Tue, Feb 20, 2018 at 2:26 AM, Norbert Mate <mt.norb...@gmail.com> wrote:

> This also might be useful:
> https://gist.github.com/bengolder/aa9033efc8959dc38e5d
>
>
> On Tuesday, February 20, 2018 at 1:54:36 AM UTC+2, Greg Barker wrote:
>
>> Hello -
>>
>> I'm working on a Chrome Extension that will inject some JavaScript into a
>> third-party webpage in order to add some additional functionality.
>>
>> For part of this functionality, I need to be able to do HTTP POST back to
>> my server. I've added it as a trusted origin in my settings.py:
>>
>> CORS_ORIGIN_WHITELIST = (
>>     'www.thirdpartysite.com',
>> )
>>
>> CSRF_TRUSTED_ORIGINS = (
>>     'www.thirdpartysite.com',
>> )
>>
>> I also added the CorsPostCsrfMiddleware as described here:
>> https://github.com/ottoyiu/django-cors-headers#cors_replace_https_referer
>>
>> However, my HTTP POST from within the Chrome Extension still fails with:
>>
>> {"detail":"CSRF Failed: CSRF token missing or incorrect."}
>>
>> How do I handle CSRF protection in Django Rest Framework for this
>> scenario?
>>
>> Thanks!
>> Greg
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Django REST framework" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/django-rest-framework/tHVPZzuR8QY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> django-rest-framework+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
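As an added illustration (not code from the thread, Django, or Django REST framework), this stdlib-only Python model sketches the order of checks behind the error quoted above: DRF's SessionAuthentication applies Django's CSRF token comparison only to a request that carries a logged-in session, and token authentication does not apply it at all. The function names, the sample tokens and the `VALID_API_TOKENS` table are assumptions made for the example; the real check also validates the Referer on HTTPS requests and unmasks tokens before comparing.

```python
import hmac

VALID_API_TOKENS = {"constructed-api-token": "greg"}  # constructed sample data


def csrf_reason(cookie_token, header_token):
    """Token comparison for an unsafe method; None means the check passed."""
    if cookie_token is None:
        return "CSRF cookie not set."
    if header_token is None or not hmac.compare_digest(cookie_token, header_token):
        return "CSRF token missing or incorrect."
    return None


def handle_post(auth_classes, session_user=None, api_token=None,
                cookie_token=None, header_token=None):
    """Try each configured authenticator in order and report the outcome."""
    for auth in auth_classes:
        if auth == "session" and session_user is not None:
            # Only a request with a logged-in session reaches the CSRF check.
            reason = csrf_reason(cookie_token, header_token)
            if reason:
                return "CSRF Failed: " + reason
            return "ok: session user " + session_user
        if auth == "token" and api_token is not None:
            # The browser never attaches an Authorization header on its own,
            # so this path carries no CSRF check.
            user = VALID_API_TOKENS.get(api_token)
            return ("ok: token user " + user) if user else "Invalid token."
    return "anonymous"  # permission classes decide what happens next


def scenarios():
    """Constructed POSTs sent by a script running on another origin."""
    return {
        "session + csrftoken cookie, no header": handle_post(
            ["session"], session_user="greg", cookie_token="c1"),
        "session cookie only": handle_post(["session"], session_user="greg"),
        "cookie and header match": handle_post(
            ["session"], session_user="greg", cookie_token="c1", header_token="c1"),
        "token auth, session cookies ignored": handle_post(
            ["token"], session_user="greg", cookie_token="c1",
            api_token="constructed-api-token"),
        "session auth, nobody logged in": handle_post(["session"]),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

In this model the quoted error text corresponds to the first scenario: a session and a csrftoken cookie for the API's own domain arrive with the request, but no matching `X-CSRFToken` header does.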
