[Answered ]-403 template displaying instead of 404

2👍

When you create a Django web application, POST/PUT/DELETE requires the csrf token. It’s kind of a security policy which Django follows.

Now, why is this required? Because, django web applications by conventions are app’s that would have been run with keeping in mind the context of display and usage.

What you are trying to use is the Client like POSTMAN which is used mainly to test the REST services. (It does not mean you cannot fire requests for an web application that is hosted to work as an Html template).

Now, if you want to provide a POSTable API from your Django web application, consider the @csrf_exempt. The best name given for a topic: csrf-protection-should-be-disabled-for-just-a-few-views.

If you want your application to have, it’s usage as a RESTFul service, make sure you use the right tool, might be Django Rest Framework. (Note: Using @csrf_extempt is also a way for you, if you are providing an API to your site, which would provide some views as an API for POST/PUT).

Leave a comment