1

I am developing this android app which uploads images to my website which is developed on django.

I have used django-rest-framework to create this api for uploading files. Now I need to use Forms to save the images(see the code below)

@api_view(['GET', 'POST'])
def create_image(request):
    ImageModel = get_image_model()
    ImageForm = get_image_form(ImageModel)
    if request.user.is_authenticated():
        if request.method == 'POST':
            image = ImageModel(uploaded_by_user=request.user)
            form = ImageForm(request.POST, request.FILES, instance=image)
            if form.is_valid():
                image.file_size = file.size
                form.save()

But it gives the error CSRF verification failed. Request aborted. I've tried @csrf_exempt but still the same error.

As I re-read the documentation of Django-rest-framework, I found THIS which says:

Note that if deploying to Apache using mod_wsgi, the authorization header is not passed through to a WSGI application by default, as it is assumed that authentication will be handled by Apache, rather than at an application level.

If you are deploying to Apache, and using any non-session based authentication, you will need to explicitly configure mod_wsgi to pass the required headers through to the application.

So, the authentication is being handled by Apache and not at the application level.

suneet
  • 400
  • 1
  • 5
  • 19
  • Have you included `{% csrf_token %}` inside the `
    ` element?
     – gtlambert Feb 18 '16 at 12:26
  • Do you really want to skip it or should it be included?... Also, what does "it didn't help" entail? what happened when you tried it? – Sayse Feb 18 '16 at 12:27
  • Since i am making requests from android, i do need to skip the verification. – suneet Feb 18 '16 at 12:31
  • Possible duplicate of [Django Rest Framework remove csrf](http://stackoverflow.com/questions/30871033/django-rest-framework-remove-csrf) – m.antkowicz Feb 18 '16 at 12:41

0 Answers0