Django Rest - CSRF Failed: CSRF token missing or incorrect

Asked Mar 22 '16 at 12:34

Active Mar 24 '16 at 07:13

Viewed 2,489 times

Got a weird scenario. I am on the Django Rest browser api with a logged in user. When I update it is okay. But when I try to create a user, this error shows:

CSRF Failed: CSRF token missing or incorrect.

it also auto logged out me every single time.

In views.py, I already have added

permission_classes = (permissions.IsAuthenticatedOrReadOnly,)

Still same error and scenario. In my settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
    ],
}

Anyone experienced this?

edited Mar 22 '16 at 12:42

asked Mar 22 '16 at 12:34

Bazinga

2,456
33
76

What's the Django auth backend ? What about middlewares ? – Linovia Mar 22 '16 at 12:48
@Linovia, `'django.middleware.csrf.CsrfViewMiddleware',` included – Bazinga Mar 22 '16 at 12:49
You can make your view of rest as csrf_exempt. – Dharmik Mar 22 '16 at 12:54
csrf_exempt won't work with DRF views. – Linovia Mar 22 '16 at 12:59
@bazinga what about (Django) sessions ? Are they configured ? what's their backends ? – Linovia Mar 22 '16 at 13:12
@Linovia for installed_apps: `'django.contrib.sessions', ` for middleware: `'django.contrib.sessions.middleware.SessionMiddleware',` `'django.contrib.auth.middleware.SessionAuthenticationMiddleware',` – Bazinga Mar 22 '16 at 13:16
Since I'm doing REST API, I've deleted the 'django.middleware.csrf.CsrfViewMiddleware'. You can do the same maybe – Cagatay Barin Mar 22 '16 at 13:16
When I removed `SessionAuthentication` in `DEFAULT_AUTHENTICATION_CLASSES` the csrf error is gone, although when creating data/POST, it is 404 – Bazinga Mar 24 '16 at 09:16

Django Rest - CSRF Failed: CSRF token missing or incorrect

0 Answers0