3

I'm exploring using GraphQL-Django instead of building a large number of REST API endpoints. To that end I've successfully installed and am running the 'cookbook' sample app, part of the Graphene Django package: https://github.com/graphql-python/graphene-django

To better understand how the GraphQL technology works, I'm trying to make calls to the Graphene server with Postman. However I'm getting a CSRF error and have tried several things to resolve it, such as this: Django returns 403 error on POST request with Fetch

But so far I've had no luck. Is there a definitive guide to using Postman with Graphene?

Robert

Robert_LY
  • 641
  • 8
  • 21
  • I have an answer here https://stackoverflow.com/questions/44185188/graphene-django-must-provide-query-string/44509102#44509102 with some steps on how to use postman with a mutation. The answer about CSRF exemptions is sti.l relelvant though. – Mark Chackerian Jun 26 '17 at 20:11
  • Actually, I see that you have been there already... – Mark Chackerian Jun 26 '17 at 20:12

2 Answers2

2

You probably want to be using graphiql rather than postman. But if you're having CSRF troubles (and want the url to be CSRF exempt... think hard on that) you can wrap the view in a csrf exemption. In your urls.py

from django.views.decorators.csrf import csrf_exempt

url(r'^graphql', csrf_exempt(GraphQLView.as_view(graphiql=True, schema=schema))),

styryx
  • 36
  • 2
  • 1
    For completeness, if you did wish to keep CSRF you'll need to install the postman interceptor chrome extension and you can grab the CSRF value from there once you've logged in. In subsequent requests you add the `X-CSRF-Token` header. – styryx Jun 26 '17 at 11:07
0

You can use insomnia instead of postman. It's great with graphql.

But as @styryx answered, you should use csrf_exempt:

from django.urls import path
from django.views.decorators.csrf import csrf_exempt

from graphene_django.views import GraphQLView

urlpatterns = [
    path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True))),
]

On this tutorial of a package of mine, is an example using insomnia client

pedrobern
  • 1,134
  • 9
  • 24