Reputation: 533
I'm trying to test my web server's login with Postman. First, I send a GET request to my login URL, and I get a CSRF token as a cookie. Then, I make a POST request to that login page, with my username, password, and CSRF token.
My problem is, when I do this in Postman, I get a 403 Forbidden error when I try to make that POST request to log in. I'm copying the CSRF token received and putting it as one of the POST parameters, and I'm using a valid username and password. Is there anything I'm overlooking here?
Upvotes: 12
Views: 32065
Reputation: 5
Works for me:
Set in Postman Header:
KEY: Authorization
Value: Token "Your token"
Upvotes: -3
Reputation: 1
Try installing the Postman Interceptor Extension on Google Chrome. It worked for me.
Upvotes: 0
Reputation: 9568
You need to set it as a header in the request, not in the body. X-CSRFToken is the key and the value is the CSRF token from the cookie. This will work if you are using an API framework like Tastypie or Django Rest Framework.
If you are authenticating without an API layer you would need to actually attach the cookie or create one with the CSRF token. This post explains it.
Upvotes: 18
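The GET-then-POST flow from the answer above, as an added example (not code from any post here, and not Django's own implementation): a toy local server applies a simplified double-submit check, accepting the POST only when the csrftoken cookie is sent back and the X-CSRFToken header repeats its value. The Login handler, the /login/ path, and the credentials are constructed for illustration.

```python
import hmac, http.client, secrets, threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

class Login(BaseHTTPRequestHandler):
    """Toy login view with a simplified double-submit CSRF check (assumption)."""
    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_GET(self):  # first request: hand out the token as a cookie
        self.send_response(200)
        self.send_header("Set-Cookie", f"csrftoken={secrets.token_hex(16)}; Path=/")
        self.end_headers()

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        cookie = SimpleCookie(self.headers.get("Cookie", "")).get("csrftoken")
        header = self.headers.get("X-CSRFToken", "")
        # Accept only if the cookie came back AND the header repeats its value.
        ok = cookie is not None and header != "" and hmac.compare_digest(
            cookie.value.encode(), header.encode())
        self.send_response(200 if ok else 403)
        self.end_headers()

def request(port, method, headers=None, body=None):
    """Send one request to the local toy server and return the response."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/login/", body=body, headers=headers or {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp

def login_flow(send_cookie=True, send_header=True):
    """GET the token, then POST; returns the POST status code."""
    server = HTTPServer(("127.0.0.1", 0), Login)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        first = request(server.server_port, "GET")
        token = SimpleCookie(first.getheader("Set-Cookie"))["csrftoken"].value
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        if send_cookie:
            headers["Cookie"] = f"csrftoken={token}"
        if send_header:
            headers["X-CSRFToken"] = token
        body = "username=alice&password=constructed"  # constructed; not checked
        return request(server.server_port, "POST", headers, body).status
    finally:
        server.shutdown()
        server.server_close()
```

Calling login_flow() returns 200, while dropping either the cookie or the header returns 403, the same status the question reports.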