18👍
You need to set it as a header in the request, not in the body. X-CSRFToken
is the key and the value is CSRF token from the cookie. This will work if you are using an API framework like Tastypie
or Django Rest Framework
.
If you are authenticating without an API layer you would need to actually attach the cookie or create one with the CSRF token. This post explains it.
- Django manage.py runserver verbosity
- How to configure Apache to run ASGI in Django Channels? Is Apache even required?
- Problem reusing serializers with django and drf-yasg
- Run django application without django.contrib.admin
Source:stackexchange.com