I am calling <code>obtain.auth_token</code> from urls as follows <pre class="prettyprint"><code>url(r'^api-token/','rest_framework.authtoken.views.obtain_auth_token') </code></pre> I get back <pre class="prettyprint"><code>{ detail: "CSRF Failed: CSRF token missing or incorrect." } </code></pre> I am wondering why this happends as I was under the impression django-rest-framework was usualy CSRF exempt Thanks

That view uses a POST. DRF always requires CSRF for session-authenticated POST's. Sensitive requests like getting an auth token should use POST for just this reason.

CSRF error when using rest_framework.authtoken.views.obtain._auth_token

Tags:

django

django-rest-framework

I am calling obtain.auth_token from urls as follows

url(r'^api-token/','rest_framework.authtoken.views.obtain_auth_token')

I get back

{
detail: "CSRF Failed: CSRF token missing or incorrect."
}

I am wondering why this happends as I was under the impression django-rest-framework was usualy CSRF exempt

Thanks

838

asked Jun 15 '13 01:06

user155813

2 Answers

That view uses a POST. DRF always requires CSRF for session-authenticated POST's.

Sensitive requests like getting an auth token should use POST for just this reason.

172

answered Nov 02 '22 21:11

paulmelnikow

I had the exact same issue. Check if you have sign out of the browser.

answered Nov 02 '22 20:11

Ryu_hayabusa

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With