I'm using Postman to check the JSON response from my django-rest-framework.
When I first try to post id, email and password through the POST method to my Django on AWS (Amazon Web Services), it works well. It returned something like:
{
    "key": "99def123123123123d88e15771e3a8b43e71f"
}
But after the first try, in other words, from the second try, it returned
{"detail":"CSRF Failed: CSRF token missing or incorrect."}
(Additional edit +) My PuTTY terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58
I saw http://kechengpuzi.com/q/s31108075, but it does not apply to my case.
And from http://django-rest-framework.narkive.com/sCyJk3hM/authentication-ordering-token-vs-session, I can't find a solution that uses Postman.
How can I use Postman appropriately?
Or could you recommend other tools to use?
I'm making an Android application with retrofit2, so I need tools to check POST and GET methods and responses.
In the Tests section of Postman, add these lines:
var xsrfCookie = postman.getResponseCookie("csrftoken");
postman.setEnvironmentVariable('csrftoken', xsrfCookie.value);
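What the Postman test script above has to achieve, written out in plain Node.js as an added example that is not part of the original answer: read the csrftoken cookie from a response and echo it in the X-CSRFToken header of the next unsafe request. The cookie names csrftoken and sessionid and the header name X-CSRFToken are Django's defaults and are assumed here; the function names are hypothetical and the Set-Cookie lines are constructed sample data.

```javascript
// Added example: plain Node.js, no Postman runtime required.
// Assumes Django defaults: cookies "csrftoken" and "sessionid", header "X-CSRFToken".
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse Set-Cookie header lines into a { name: value } jar (attributes dropped).
function parseSetCookie(setCookieLines) {
  const jar = {};
  for (const line of setCookieLines) {
    const pair = line.split(";")[0];
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // skip malformed entries
    jar[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// Build the headers for a follow-up request from the stored cookies.
function buildHeaders(method, jar) {
  const headers = {};
  const cookies = Object.entries(jar).map(([k, v]) => `${k}=${v}`);
  if (cookies.length) headers["Cookie"] = cookies.join("; ");
  if (!SAFE_METHODS.has(method.toUpperCase())) {
    // A stored session cookie makes the request session-authenticated,
    // so the server will expect the CSRF token alongside it.
    if (jar.sessionid && !jar.csrftoken) {
      throw new Error("session cookie present but no csrftoken to echo");
    }
    if (jar.csrftoken) headers["X-CSRFToken"] = jar.csrftoken;
  }
  return headers;
}

// Constructed sample: Set-Cookie lines such as a first login response might carry.
const sampleSetCookie = [
  "csrftoken=CONSTRUCTEDcsrf0123456789; Path=/; SameSite=Lax",
  "sessionid=CONSTRUCTEDsession42; HttpOnly; Path=/",
];
const sampleJar = parseSetCookie(sampleSetCookie);
console.log(buildHeaders("POST", sampleJar));
```

A client that sends no cookies at all, such as one using only an Authorization token header, gets an empty header set back and needs no CSRF token.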
The CSRF token is like an alphanumeric code or random secret value that's peculiar to that particular site. Hence, no other site has the same code. In Django, the token is set by CsrfViewMiddleware in the settings.py file. A hidden form field with a csrfmiddlewaretoken field is present in all outgoing requests.
Django has a {% csrf_token %} tag that is implemented to avoid malicious attacks. It generates a token on the server-side when rendering the page and makes sure to cross-check this token for any requests coming back in. If the incoming requests do not contain the token, they are not executed.
The “Invalid or missing CSRF token” message means that your browser couldn't create a secure cookie, or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.
If using token-based authentication with DRF, don't forget to set it in settings.py. Otherwise you'll get a CSRF error.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ]
}