I'm trying to run a POST request with my Xamarin app. My backend is a Django app which allows all cross origin:

```python
CORS_ORIGIN_ALLOW_ALL = True
```

There is no problem when I try to POST, PUT, GET, PATCH, DELETE with my Angular2 app, but when I try with my Xamarin app, my backend returns this error:

```
csrf token missing or incorrect
```

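My Xamarin C# code looks like this:

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

namespace Services
{
    public static class Authentication
    {
        public static async Task<string> Login(string email, string password)
        {
            var loginModel = new LoginModel() { email = email, password = password };
            // Environment is the app's own settings class, not System.Environment.
            Uri uri = new Uri(Environment.server_url + "rest-auth/login/");
            var json = JsonConvert.SerializeObject(loginModel);
            var content = new StringContent(json, Encoding.UTF8, "application/json");
            HttpResponseMessage response = null;
            // A new client per call: no cookies or default headers are carried over.
            using (var client = new HttpClient())
            {
                // The POST is sent without any CSRF header.
                response = await client.PostAsync(uri, content);
            }
            return await response.Content.ReadAsStringAsync();
        }
    }

    // Serialized to JSON as the login request body.
    public class LoginModel
    {
        public LoginModel()
        {
        }
        public string email;
        public string password;

    }
}
```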

As you can see, there is no csrf-token added to the header because I don't know how to get this token with Xamarin.

I've tried some random code like this one:

```csharp
client.DefaultRequestHeaders.Add("x-csrf-token", "Fetch");
```

Or this one, with a random token just to see:

```csharp
client.DefaultRequestHeaders.Add("x-csrf-token", "IYTN3eZvkah5vh4y0mEOzCHbbKPcutV4DiSKsbEnlgmuNkdu4jumYdaHYJqUT57n");
```

But as expected, it doesn't help.

I've tried to get the token via a GET request but the response doesn't contain any token.

Any ideas?

I'm using the last version of Xamarin Forms (2.3.3.175).

Ben
  • [here](https://en.wikipedia.org/wiki/Cross-site_request_forgery) you can read that value of x-csrf-token is set on you as a cookie and you gotta use it – Oleg Bogdanov Jan 03 '17 at 21:33
  • Does that mean that I have to generate my own token and store it in the cookies? – Ben Jan 03 '17 at 21:45
  • Have you checked if your django server is not setting one in you? It would help to compare received headers with your angular app too – Oleg Bogdanov Jan 03 '17 at 21:48
  • I've tried to read the headers received in my Xamarin app using HttpClient but there is no token in it. – Ben Jan 03 '17 at 21:51
  • I think it's about your django setup, please have a look at http://stackoverflow.com/questions/8321217/django-csrf-token-missing-or-incorrect , I know it's for another lang but it should help you understanding where to dig further, looks like you need to properly tell server that you want token (and angular probably does that silently) – Oleg Bogdanov Jan 03 '17 at 22:00
  • Have you tried only using one instance of your HttpClient? https://aspnetmonsters.com/2016/08/2016-08-27-httpclientwrong/ – Cameron Jan 03 '17 at 22:47
  • I've just tried with only one instance but the problem is still the same – Ben Jan 04 '17 at 09:46
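
Added example, not part of the original question or comments: one way a C# `HttpClient` can do what the comments describe, keeping the cookie Django sets and echoing its value in a request header. It assumes Django's default names (cookie `csrftoken`, header `X-CSRFToken`) and a hypothetical `csrf/` endpoint on the backend that sets the cookie, for example a view decorated with `ensure_csrf_cookie`; `CsrfSession` and its members are names chosen for this example.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

public static class CsrfSession
{
    // One shared container and client, so cookies set by the server persist across requests.
    private static readonly CookieContainer Cookies = new CookieContainer();
    private static readonly HttpClient Client = new HttpClient(
        new HttpClientHandler { CookieContainer = Cookies, UseCookies = true });

    // Value of the CSRF cookie stored for this server, or null if none has been set yet.
    public static string ReadCsrfCookie(Uri baseUri)
    {
        Cookie cookie = Cookies.GetCookies(baseUri)["csrftoken"]; // default CSRF_COOKIE_NAME
        return cookie?.Value;
    }

    public static async Task<string> PostJsonAsync(Uri baseUri, string path, string json)
    {
        // Step 1: without a cookie, ask the (hypothetical) endpoint that sets it.
        // Django only sends the cookie from views that actually use the token.
        if (ReadCsrfCookie(baseUri) == null)
        {
            using (await Client.GetAsync(new Uri(baseUri, "csrf/"))) { }
        }

        string token = ReadCsrfCookie(baseUri);
        if (token == null)
            throw new InvalidOperationException("Server did not set a csrftoken cookie.");

        // Step 2: send the cookie (automatic, via the container) plus the same value
        // in the header Django compares it against.
        var request = new HttpRequestMessage(HttpMethod.Post, new Uri(baseUri, path))
        {
            Content = new StringContent(json, Encoding.UTF8, "application/json")
        };
        request.Headers.Add("X-CSRFToken", token); // default CSRF_HEADER_NAME
        if (baseUri.Scheme == Uri.UriSchemeHttps)
            request.Headers.Referrer = baseUri; // Django also checks Referer on HTTPS requests

        using (HttpResponseMessage response = await Client.SendAsync(request))
        {
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```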

0 Answers