0

I am developing an Android application and use Django 1.6 on the server side. I want to POST some data to the server, but it shows error 403.

What do I have to do to overcome the error (CSRF token missing or incorrect)?

Is it a good idea to remove the CSRF middleware (removing django.middleware.csrf.CsrfViewMiddleware from the settings file)?

If not, what is an alternative solution?

tjati
Jisson

2 Answers

1

This problem is not Django-specific. If you search for "CSRF RESTful" you will find many questions and answers about this, e.g. this one

At the basic level, I would say that CSRF is a mechanism to plug security issues affecting people who use browsers. As such, people who use mobile applications are not likely to be affected by this.

You should keep the CSRF layer for people who access your application from web browsers and create a different scheme to access your API from other types of clients.

Community
Kinjal Dixit
0

Yep, it's a good idea, 'cause you just don't need it for a mobile backend, but just removing

'django.middleware.csrf.CsrfViewMiddleware'

won't be enough; you need to add your own middleware that will disable CSRF.

Here is a solution: http://www.soyoucode.com/2011/really-disable-csrf-django