Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}

Tags:

android

django

postman

django-rest-framework

I'm using postman to check json response from my django-rest-framework.

When my first try to post id, email, password through POST method to my django on AWS(amazon web services), it works well. It returned like: 

  {
    "key": "99def123123123123d88e15771e3a8b43e71f"
}

But after first try, the other words, from second try it returned 

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

(Additionally edit +) My putty terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58

I saw http://kechengpuzi.com/q/s31108075, but it is not proper to my case.

and from http://django-rest-framework.narkive.com/sCyJk3hM/authentication-ordering-token-vs-session, i can't find solution which is using postman

  1. How can i use postman appropriately?

  2. Or Could you recommend other tools to use?

I'm making android application with retrofit2 So I need tools to check POST, GET method and responses.

like image 510
H.fate Avatar asked Sep 04 '16 09:09

H.fate

People also ask

How do I add CSRF token in Postman Django?

In Test section of the postman, add these lines. var xsrfCookie = postman. getResponseCookie("csrftoken"); postman. setEnvironmentVariable('csrftoken', xsrfCookie.

What is CSRF token in Django?

The CSRF token is like an alphanumeric code or random secret value that's peculiar to that particular site. Hence, no other site has the same code. In Django, the token is set by CsrfViewMiddleware in the settings.py file. A hidden form field with a csrfmiddlewaretoken field is present in all outgoing requests.

How does Django handle Csrf?

Django has a {% csrf_token %} tag that is implemented to avoid malicious attacks. It generates a token on the server-side when rendering the page and makes sure to cross-check this token for any requests coming back in. If the incoming requests do not contain the token, they are not executed.

What is CSRF token missing or incorrect?

The “Invalid or missing CSRF token” message means that your browser couldn't create a secure cookie, or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.

1 Answers

If using token based authentication with DRF don't forget to set it in settings.py. Otherwise you'll get a CSRF error

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ]
}
like image 175
aris Avatar answered Sep 18 '22 01:09

aris
Sign in to Comment

Related questions

Flutter change splash screen background color
Using Intl properly in Android React Native app
AAPT: error: resource android:attr/android:progressBarStyleSmall not found
is there a masters degree in Mobile development like android? [closed]
I want to play a video from my assets or raw folder
draw text "ellipsized" to a canvas
How to get longer stack dump (tombstone) from android?
Retain Fragment state between Activities
Run code only once after an application is installed on Android device
Passing nothing to an AsyncTask in Android
How to edit multiline strings in Android strings.xml file?
ExpandableListView - group indication is stretch to fit the text size
Get current wallpaper
Cannot get android MediaPlayer onCompletion to fire
ListFragment how to get the listView?
Android Multiple Notifications and with multiple intents
How to create Button Dynamically in android?
how to add padding between menu items in android? [duplicate]
adb server is out of date. killing... cannot bind 'tcp:5037' ADB server didn't ACK * failed to start daemon * in ubuntu 14.04 LTS
How to add the recyclerview to project

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!