Menu
How to unset csrf in modelviewset of django-rest-framework?
I'll use viewsets.ModelViewSet(http://django-rest-framework.org/api-guide/viewsets.html#modelviewset) of django-rest-framework.
And my app is api server. So I don't need to use csrf.
But I don't know how to unset csrf.
Please give me a example!
475
By setting the cookie and using a corresponding token, subdomains will be able to circumvent the CSRF protection. The only way to avoid this is to ensure that subdomains are controlled by trusted users (or, are at least unable to set cookies).
If you're using SessionAuthentication you'll need to include valid CSRF tokens for any POST , PUT , PATCH or DELETE operations. In order to make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.
ModelViewSet. The ModelViewSet class inherits from GenericAPIView and includes implementations for various actions, by mixing in the behavior of the various mixin classes. The actions provided by the ModelViewSet class are .list() , .retrieve() , .create() , .update() , .partial_update() , and .destroy() .
APIView allow us to define functions that match standard HTTP methods like GET, POST, PUT, PATCH, etc. Viewsets allow us to define functions that match to common API object actions like : LIST, CREATE, RETRIEVE, UPDATE, etc.
CSRF is only enforced if you're using SessionAuthentication. If you're using one of the other form of authentication (eg TokenAuthentication) then it won't be required.
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
