Menu
I am calling obtain.auth_token from urls as follows
url(r'^api-token/','rest_framework.authtoken.views.obtain_auth_token')
I get back
{
detail: "CSRF Failed: CSRF token missing or incorrect."
}
I am wondering why this happends as I was under the impression django-rest-framework was usualy CSRF exempt
Thanks
838
That view uses a POST. DRF always requires CSRF for session-authenticated POST's.
Sensitive requests like getting an auth token should use POST for just this reason.
172
I had the exact same issue. Check if you have sign out of the browser.
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
