[Django]-Csrf issue from node js to django

0👍

The CSRF middleware looks for the following COOKIE:

request.COOKIES[settings.CSRF_COOKIE_NAME]

And compares it to the POST csrfmiddlewaretoken.

So you have to make sure that the call to node sets the correct cookie name in:

'Cookie': 'csrftoken=' + data.csrf

And also, that the POST includes a csrfmiddlewaretoken. It’s safe to access the COOKIE in JavaScript and send it as the correct token, just make sure you use CSRF_COOKIE_SECURE. The better way is usually to let Django put the token as an input field, and set the cookie separately.

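The cookie-and-field pairing described in the answer above, as an added example that is not part of the original post or of Django's code. The function names `buildDjangoPost` and `csrfCheckPasses` are hypothetical, the cookie name assumes Django's default `CSRF_COOKIE_NAME` of `csrftoken`, and the check is a plain-equality model of the comparison, not Django's actual implementation.

```javascript
// Added example (not from the original post). Function names are hypothetical.
const CSRF_COOKIE_NAME = 'csrftoken'; // assumed: Django's default settings.CSRF_COOKIE_NAME

// Build the headers and form body for a POST from Node to a Django view.
// The same token goes in the cookie and in the csrfmiddlewaretoken field.
function buildDjangoPost(csrfToken, fields, cookieName = CSRF_COOKIE_NAME) {
  // Django tokens are alphanumeric; rejecting anything else also keeps
  // CR/LF or ';' out of the Cookie header.
  if (typeof csrfToken !== 'string' || !/^[A-Za-z0-9]+$/.test(csrfToken)) {
    throw new Error('CSRF token missing or malformed');
  }
  const body = new URLSearchParams({
    ...fields,
    csrfmiddlewaretoken: csrfToken, // set last so a caller field cannot override it
  }).toString();
  return {
    headers: {
      'Cookie': `${cookieName}=${csrfToken}`,
      'Content-Type': 'application/x-www-form-urlencoded',
      'Content-Length': Buffer.byteLength(body),
    },
    body,
  };
}

// Simplified model of the server-side comparison: read the cookie named by
// CSRF_COOKIE_NAME and compare it with the POSTed csrfmiddlewaretoken.
function csrfCheckPasses(req, expectedCookieName = CSRF_COOKIE_NAME) {
  const cookies = Object.fromEntries(
    String(req.headers.Cookie || '')
      .split(';')
      .map((c) => c.trim())
      .filter((c) => c.includes('='))
      .map((c) => [c.slice(0, c.indexOf('=')), c.slice(c.indexOf('=') + 1)])
  );
  const cookieToken = cookies[expectedCookieName];
  const postToken = new URLSearchParams(req.body).get('csrfmiddlewaretoken');
  return Boolean(cookieToken) && cookieToken === postToken;
}
```

A request built with a cookie name other than the one the server expects, or without the `csrfmiddlewaretoken` field, fails `csrfCheckPasses`, which are the two mismatches the answer points to.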