Andreas

Reputation: 1160

How to use cookie CSRF in Django 1.11?

Hello, I have a frontend application which was migrated to Django, and for CSRF protection I am using the methodology of copying the CSRF token from cookies to the header of my POST request. Django keeps complaining about an invalid CSRF token despite the fact that the request contains the CSRF token from cookies.
In my settings.py I have explicitly specified CSRF_USE_SESSIONS = False to make sure that cookie-based CSRF is used, according to the docs.

The request header that gets the cookie CSRF is: HTTP_X_CSRFTOKEN

The cookie is present and copied to the above header.

Upvotes: 1

Views: 193

Answers (1)

Kevin Christopher Henry

Reputation: 49082

HTTP_X_CSRFTOKEN is the wrong request header name. The correct name is X-CSRFToken. Django converts HTTP request header names into Python dictionary keys by:

converting all characters to uppercase, replacing any hyphens with underscores, and adding an 'HTTP_' prefix to the name.

Unfortunately that transformation can lead to confusion.

Upvotes: 2
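
An added example (not part of the answer and not Django's own code) that models the quoted header-to-key rule and shows why `HTTP_X_CSRFTOKEN` sent as the wire name is never found under Django's default `CSRF_HEADER_NAME`. The names `build_meta` and `diagnose` and the token value are hypothetical, and the token comparison is simplified to plain equality, which holds when the client copies the cookie verbatim.

```python
import hmac
from http.cookies import SimpleCookie

CSRF_HEADER_NAME = "HTTP_X_CSRFTOKEN"  # Django's default: a META key, not a wire name
CSRF_COOKIE_NAME = "csrftoken"         # Django's default cookie name


def header_to_meta_key(name):
    """The quoted rule: uppercase, hyphens to underscores, 'HTTP_' prefix."""
    return "HTTP_" + name.upper().replace("-", "_")


def build_meta(headers):
    """Model request.META for a list of (wire_name, value) header pairs."""
    return {header_to_meta_key(name): value for name, value in headers}


def diagnose(headers):
    """Explain whether a cookie-to-header CSRF check would find its token."""
    meta = build_meta(headers)
    cookie = SimpleCookie(meta.get("HTTP_COOKIE", ""))
    if CSRF_COOKIE_NAME not in cookie:
        return "no CSRF cookie sent"
    sent = meta.get(CSRF_HEADER_NAME)
    if sent is None:
        # List keys that look like a mis-named CSRF header.
        near = sorted(k for k in meta if "CSRF" in k)
        return "header missing; CSRF-like keys seen: %s" % near
    # Simplified: plain equality holds when the client copies the cookie verbatim.
    if hmac.compare_digest(sent, cookie[CSRF_COOKIE_NAME].value):
        return "ok"
    return "token mismatch"


TOKEN = "constructed-token-0123456789"  # constructed sample value
GOOD = [("Cookie", "csrftoken=" + TOKEN), ("X-CSRFToken", TOKEN)]
BAD = [("Cookie", "csrftoken=" + TOKEN), ("HTTP_X_CSRFTOKEN", TOKEN)]

if __name__ == "__main__":
    for label, request_headers in (("X-CSRFToken", GOOD), ("HTTP_X_CSRFTOKEN", BAD)):
        print(label, "->", diagnose(request_headers))
```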
