
Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}

I'm using Postman to check the JSON response from my django-rest-framework.

On my first try posting id, email, password through the POST method to my Django on AWS (Amazon Web Services), it works well. It returned something like:

{
    "key": "99def123123123123d88e15771e3a8b43e71f"
}

But after the first try, in other words, from the second try on, it returned

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

(Additional edit +) My PuTTY terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58

I saw http://kechengpuzi.com/q/s31108075, but it does not fit my case.

And from http://django-rest-framework.narkive.com/sCyJk3hM/authentication-ordering-token-vs-session, I can't find a solution that uses Postman.

  1. How can I use Postman appropriately?

  2. Or could you recommend other tools to use?

I'm making an Android application with retrofit2, so I need tools to check POST and GET methods and responses.

H.fate asked Sep 04 '16 09:09


People also ask

How do I add CSRF token in Postman Django?

In Test section of the postman, add these lines. var xsrfCookie = postman.getResponseCookie("csrftoken"); postman.setEnvironmentVariable('csrftoken', xsrfCookie.

What is CSRF token in Django?

The CSRF token is like an alphanumeric code or random secret value that's peculiar to that particular site. Hence, no other site has the same code. In Django, the token is set by CsrfViewMiddleware in the settings.py file. A hidden form field with a csrfmiddlewaretoken field is present in all outgoing requests.

How does Django handle Csrf?

Django has a {% csrf_token %} tag that is implemented to avoid malicious attacks. It generates a token on the server-side when rendering the page and makes sure to cross-check this token for any requests coming back in. If the incoming requests do not contain the token, they are not executed.

What is CSRF token missing or incorrect?

The “Invalid or missing CSRF token” message means that your browser couldn't create a secure cookie, or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.


1 Answer

If using token-based authentication with DRF, don't forget to set it in settings.py. Otherwise you'll get a CSRF error.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ]
}

aris answered Sep 18 '22 01:09
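
Why the first POST succeeds, the second returns the CSRF 403, and the settings change above removes it, shown as a simplified model of DRF's authentication step. This is an added example, not code from the answer or from DRF itself; it assumes the login response set a `sessionid` cookie that Postman then replayed, and `Denied`, `handle`, `post` and the session/token values are hypothetical, constructed for illustration. DRF's default class list also contains BasicAuthentication, which is left out here.

```python
# Simplified model of DRF's authentication step (added example, not DRF source).
SESSIONS = {"sess-abc": "alice"}   # constructed session store: sessionid -> user
TOKENS = {"tok-123": "alice"}      # constructed token table: key -> user
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")

class Denied(Exception):
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status, self.detail = status, detail

def session_auth(req):
    """SessionAuthentication model: CSRF applies once a session cookie names a user."""
    user = SESSIONS.get(req["cookies"].get("sessionid"))
    if user is None:
        return None                              # no session: try the next class
    if req["method"] in SAFE_METHODS:
        return user                              # CSRF is only checked on unsafe methods
    sent = req["headers"].get("X-CSRFToken")
    # Real Django compares masked tokens; plain equality stands in for that here.
    if not sent or sent != req["cookies"].get("csrftoken"):
        raise Denied(403, "CSRF Failed: CSRF token missing or incorrect.")
    return user

def token_auth(req):
    """TokenAuthentication model: header only, cookies ignored, so no CSRF check."""
    scheme, _, key = req["headers"].get("Authorization", "").partition(" ")
    if scheme != "Token":
        return None
    if key not in TOKENS:
        raise Denied(401, "Invalid token.")
    return TOKENS[key]

def handle(req, auth_classes):
    """Tries each authenticator in order, like DEFAULT_AUTHENTICATION_CLASSES."""
    try:
        for auth in auth_classes:
            user = auth(req)
            if user is not None:
                return 200, user
    except Denied as exc:
        return exc.status, exc.detail
    return 200, None                             # anonymous; the view's permissions decide

def post(cookies=None, headers=None):
    """Builds a constructed POST request as an API client would send it."""
    return {"method": "POST", "cookies": cookies or {}, "headers": headers or {}}
```

Calling `handle(post({"sessionid": "sess-abc"}), [session_auth])` reproduces the 403 from the question, while the same cookie plus an `Authorization: Token tok-123` header passes when only `token_auth` is configured. With `session_auth` still listed first, the replayed cookie triggers the CSRF check before the token is ever read, which is why clearing Postman's cookies for the host also makes the error disappear.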