Fetch API leads to CSRF error in Django, but not cURL?

Question

I'm running across a really weird error where the fetch API (in a React-Native project) leads to a CSRF error but cURL doesn't lead to the same error. Here's the notable code:

Fetch code:

  _signup = () => {
    fetch('http://localhost/users/', {
      method: 'post',
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
      },
      body: JSON.stringify(this.state)
    }).then(response => {
      return response.json();
    }).then(jsonResponse => {
      console.log(jsonResponse);
    }).catch (error => {
      console.log(error)
    })

  }

which gives the following response

 Object {
 "detail": "CSRF Failed: CSRF token missing or incorrect.",
}

and the cURL code is:

curl -X POST -d '{"username":"a", "email":"", "password":"a"}' -H "Content-Type: application/json" http://localhost/users/

where the response is

{"url":"http://localhost/users/13/","username":"a7","email":""}

the relevant Django view is just a viewset:

Django View:

class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    queryset = User.objects.all()
    serializer_class = UserSerializer.

Is there any reason this should be happening? As far as I know, fetch and curl should be doing the same thing?

check out - https://stackoverflow.com/questions/26639169/csrf-failed-csrf-token-missing-or-incorrect — tarzen chugh, Sep 10 '18 at 05:30

score 0 · Accepted Answer · answered Sep 10 '18 at 06:19

0

It turns out that there were cookies stored in the app, deleting them solved the problem.

answered Sep 10 '18 at 06:19

user6003782

90
6

Can you describe how you actually did it? That will be much appreciated. – Alex Pogiba Jun 19 '19 at 08:10
I just reset the development device I think (iOS simulator) – user6003782 Jul 16 '19 at 11:06

Fetch API leads to CSRF error in Django, but not cURL?

1 Answers1