2

I have an API method like this:

@api_view(['POST'])
@login_required
def get_posts(request):
    # ...

How can I disable CSRF only on this method?

1 Answer

6

For function-based views you can usually use the decorator csrf_exempt:

from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse

@csrf_exempt
def my_view(request):
    return HttpResponse('Hello world')

Update: There may be an exception for the DRF. Take a look here.

Yannic Hamann
  • Why did you remove @api_view() from your example? – horbor Sep 28 '18 at 13:36
  • Because ``api_view`` is only for DRF. I wanted to explain that the decorator ``csrf_exempt`` is not DRF specific. So I updated the answer and linked it to another SO question, which explains another related caveat (authentication) in more detail. – Yannic Hamann Oct 01 '18 at 09:46