Using django with postman {“detail”:“CSRF Failed: CSRF token missing or incorrect.”}

前端未结

关注

 7  2068

谎友^

I\'m using postman to check json response from my django-rest-framework.

When my first try to post id, email, password through POST method to my django on AWS(amazon web

相关标签:

7条回答

旧时难觅i

2021-02-20 17:11

For me the solution was to add the X-CSRFToken header in Postman (gotten from initial login response in browser)

see https://stackoverflow.com/a/26639895/8133649

0 讨论(0)
发布评论:

提交评论
- 加载中...
庸人自扰

2021-02-20 17:12
Just in case it may be useful for somebody, I was facing the same problem with Postman. I was asked to include a CSRF on every request after getting a token for the first time so I realized that I had Session and Token authentication methods enabled so I commented out the SessionAuthentication line (of course, you could remove it as well)
```
'DEFAULT_AUTHENTICATION_CLASSES': [
    'rest_framework.authentication.TokenAuthentication',
    # 'rest_framework.authentication.SessionAuthentication',
]
```
After that, I was able to request a token by using only my credentials without including any CSRF code:

I think that the fact of having those two auth classes activated was causing Django to muddle up somehow.
0 讨论(0)
发布评论:

提交评论
- 加载中...
暖寄归人

2021-02-20 17:17
Your api need CSRF token, you have to add CSRF token to the request(and postman):
```
data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }
```
You can get CSRF token from your form input field(you will find a hidden field if you use django build-in form api) or if you use Ajax, you can have a look at Cross Site Request Forgery protection.It has nothing to do with your authorization key, your key is use to identify who you are, and CSRF token is to make sure this request is send from your server.
0 讨论(0)
发布评论:

提交评论
- 加载中...
忘了有多久

2021-02-20 17:19
You can either use csrfmiddlewaretoken: csrf_token, in your json data where csrf_token is a valid token, but in a situation where including it you are unable to provide a correct token, comment or remove SessionAuthentication as below.
```
'DEFAULT_AUTHENTICATION_CLASSES': [
    'rest_framework.authentication.TokenAuthentication',
    # 'rest_framework.authentication.SessionAuthentication',
]
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

野性不改

2021-02-20 17:26

In settings.py file

INSTALLED_APPS = [
...
...
...
...
'rest_framework.authtoken',
...
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
}

in project urls.py

from rest_framework.authtoken import views

urlpatterns = [
    ....
    path('api-token-auth/',views.obtain_auth_token,name='api-token-auth')

]

Open terminal as

$ pip3 install httpie
$ python3 manage.py createsuperuser # if not created
$ http POST http://localhost:8000/api-token-auth/ username="username" password = "password"   # You will get token key (Just copy it) ex:a243re43fdeg7r4rfgedwe89320

You token key will be also automatically saved in your databases

Go to postman header (like in example) Ex: screenshot from postman ,where and how to paste accessed toke Then insert you token key.

reference to get token key from this video

0 讨论(0)

無奈伤痛

2021-02-20 17:27

i changed request method from post to patch and i could login

0 讨论(0)
发布评论:

提交评论
- 加载中...

1 2 下一页