billyJoe

Reputation: 2064

Populate a cookie with a Django csrf token

I need to understand something.

I've a REST server on server A (django-rest-framework). An app on server B (AngularJS) requests the REST server. I want to add authentication. Each time I request http://serverA/api-auth/login/, it returns 403 because I don't pass the CSRF token.

So, in my app.js, I've added:

.run(function($http, $cookies) {
    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
});

Now, fine, I can send the CSRF token. My question is, how can I populate the cookie? Do I have to do a get() to obtain the token before posting? Because currently my cookie is empty :(

Thank you

Upvotes: 0

Views: 573

Answers (2)

James Lin

Reputation: 26568

Assuming your AngularJS code is using jQuery ajax to post, you can put the CSRF token into the meta tag

<!--<meta name="csrf-token" content="{{csrf_token}}">-->

Then set up your jQuery ajax method to include the CSRF token.

jQuery(document).ajaxSend(function(event, xhr, settings) {
    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
        //var token = $('meta[name="csrf-token"]').attr('content');
        var csrftoken = $.cookie('csrftoken');
        xhr.setRequestHeader("X-CSRFToken", csrftoken);
    } // ...
});

Upvotes: 0
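
An added example, not part of the answer above: a stricter form of the URL test in that `ajaxSend` handler. It resolves the request URL against the page URL before comparing origins, so protocol-relative (`//host/...`) and upper-case-scheme URLs are not treated as local, and it sends the token only on state-changing requests. The function names and the sample page URL and cookie string are constructed for illustration.

```javascript
// HTTP methods that Django's CSRF check does not apply to.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Read one cookie from a document.cookie-style string ("a=1; b=2").
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Resolve the request URL against the page URL, then compare origins
// (scheme + host + port) instead of pattern-matching the raw string.
function isSameOrigin(requestUrl, pageUrl) {
  try {
    return new URL(requestUrl, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: treat as cross-origin
  }
}

// Headers to add to a request. The token is attached only when the
// request is state-changing, same-origin, and the cookie is present.
function csrfHeaderFor(method, requestUrl, pageUrl, cookieString) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  if (!isSameOrigin(requestUrl, pageUrl)) return {};
  const token = getCookie(cookieString, 'csrftoken');
  return token ? { 'X-CSRFToken': token } : {};
}

// Constructed sample values (hypothetical host names and token).
const PAGE = 'http://serverb.example/app/index.html';
const COOKIES = 'theme=dark; csrftoken=constructed-token-123';

console.log(csrfHeaderFor('POST', '/api-auth/login/', PAGE, COOKIES));
console.log(csrfHeaderFor('POST', '//servera.example/api-auth/login/', PAGE, COOKIES));
```

In a browser the last two arguments would be `window.location.href` and `document.cookie`; a cookie set by another host never appears in `document.cookie`, so for a request to a different server the function returns no header.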

mariodev

Reputation: 15559

You cannot use the SessionAuthentication method if you don't share the same domain. In your case, OAuth2Authentication is the way to go.

Upvotes: 1
