Note that you can use HTML form only to issue GET or POST.
Other verbs do require xhr (ajax) calls. There is an example in Django csrf
docs how to pass token in xhr headers.
9.3.2018 17.22 "Jochen Wersdoerfer" <jochen.wersdoer...@gmail.com>
kirjoitti:
> Hi *,
>
> I'm trying to use custom put forms for the browsable api. In my
> development environment
> everything worked as expected, but in production I got csrf errors on
> submitting those put
> forms (csrf token missing or incorrect). So I looked at base.html and
> learned that only post
> forms get a {% csrf_token %}. Then I used api.html to overwrite the body
> block with a version
> that adds {% csrf_token %} to put forms, but it didn't work. I still get
> csrf errors and I'm
> wondering whether the csrf_token tag was left out intentionally or if it
> is a bug. Maybe someone
> knows something about this?
>
> best,
> Jochen
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django REST framework" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-rest-framework+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
