How to attach csrf header and value in axios POST request

Question

I need to send CSRF token when the user sign up with form provided.

However, since the signup/signin will be the first time to interact with django REST API, so I create a dummy GET request when the webpage is loaded to retrieve the CSRF token from django.

The token is retrieved and stored in cookie.

However, I still get Forbidden (CSRF cookie not set.) from django.

This is my axios POST request.

import axios from 'axios'
axios.defaults.xsrfCookieName = 'vcubes'
axios.defaults.xsrfHeaderName = 'X-CSRFToken'

let req = {
    url: 'http://localhost:9000/vcubes/signup/',
    method : 'POST',
    headers: {
        'Content-Type': 'text/plain'
    },
    data: data
}

NOTE:

When I add withCredentials: true into headers in axios POST, the browser send OPTIONS request instead of POST.

score 2 · Answer 1 · answered Mar 02 '21 at 12:33

  let csrftoken = Vue.$cookies.get('vcubes')

  return axios.post('', data, {
    headers: {
      'X-CSRFToken': csrftoken
    }
  }).then(response => {
    return response.data
  })

This is pretty similar to Shane's answer, but show's how to get the csrf token in Vue. If your problem is getting the cookie, then this SO answer should help you.

score 1 · Answer 2 · answered Nov 05 '18 at 23:31

1

Here's what I use in django:

result = { "insert your key values here" }
data = JSON.stringify(result)
axios.post("{% url 'error_checking' %}", data, {headers: {'X-CSRFToken': '{{ csrf_token }}',}})

answered Nov 05 '18 at 23:31

Shane Cheek

143
2
12

How to attach csrf header and value in axios POST request

2 Answers2