[Fixed]-Rest-auth still reports the error of "CSRF cookie not set", but I've set the csrf

1👍

The token in your request is currently named _csrf. It needs to be called csrfmiddlewaretoken for Django to pick it up.

0👍

Thanks to Raphael Gomes. I made some progress on this.
I changed my server.js file as:

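```javascript
// `app` is the Express application already created in server.js
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
app.use(cookieParser());
// csurf keeps its own secret in a cookie and validates its own tokens
app.use(csrf({ cookie: true }));
app.use(function (req, res, next) {
  // Copy the csurf-generated token into a cookie named csrfmiddlewaretoken
  res.cookie('csrfmiddlewaretoken', req.csrfToken());
  next();
});
```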

And in Fiddler, I can see 2 csrfs there, one default and one set by me. I tried to remove app.use(csrf({ cookie: true })); but then it shows csrf misconfigured. Anyway, at least csrfmiddlewaretoken works in this way.

Then the authentication result is like:

It says this csrf token is not valid. I think that’s because I used the req.csrfToken(). I am still researching how to set the correct csrf token.
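Added example, not part of the answers above: by default Django validates the submitted token against the csrftoken cookie that Django itself issued, so a Node client has to echo that value back rather than generate its own. The sketch assumes Django's default names (csrftoken cookie, X-CSRFToken header, csrfmiddlewaretoken form field); the function names, sample cookies, form fields and origin are constructed for illustration.

```javascript
// Pull one cookie value out of the Set-Cookie header lines of a response.
function cookieFromSetCookie(setCookieLines, name) {
  for (const line of setCookieLines) {
    const pair = line.split(';', 1)[0];      // "name=value", before the attributes
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq).trim() === name) {
      return pair.slice(eq + 1).trim();
    }
  }
  return null;
}

// Build the headers and body of a form POST to Django from the Set-Cookie
// lines of an earlier response from the same Django server.
function buildDjangoPost(setCookieLines, fields, origin) {
  const token = cookieFromSetCookie(setCookieLines, 'csrftoken');
  if (token === null) {
    // Without this cookie on the POST, Django answers "CSRF cookie not set".
    throw new Error('Django did not issue a csrftoken cookie');
  }
  // Form field name Django reads the token from.
  const body = new URLSearchParams({ ...fields, csrfmiddlewaretoken: token });
  return {
    headers: {
      'Cookie': `csrftoken=${token}`,        // the cookie Django compares against
      'X-CSRFToken': token,                  // header alternative to the form field
      'Referer': origin + '/',               // checked by Django on HTTPS requests
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: body.toString(),
  };
}

// Constructed sample: Set-Cookie lines as a Django response might send them.
const SAMPLE_SET_COOKIE = [
  'sessionid=abc123; HttpOnly; Path=/; SameSite=Lax',
  'csrftoken=EXAMPLEtoken0123456789; Path=/; SameSite=Lax',
];

const sampleRequest = buildDjangoPost(
  SAMPLE_SET_COOKIE,
  { username: 'alice', password: 'example-only' },
  'https://api.example.test'
);
console.log(sampleRequest.headers, sampleRequest.body);
```

Sending either the X-CSRFToken header or the csrfmiddlewaretoken field is enough; the Cookie header is required in both cases.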