1

From axios I have to make a put request to the DRF. In DRF I'm using APIView class-based view. Before I was getting 403 forbidden error when I was making put request. Because it was not sending csrftoken in the request. I googled it and went through the CSRF with Django, React+Redux using Axios stack overflow question and somehow I was able to fix 403 forbidden issue.

Going through the above StackOverflow question I changed a few lines of codes and they are.

In my axios file

axios.defaults.xsrfHeaderName = "X-CSRFToken";
axios.defaults.xsrfCookieName = "csrftoken";
axios.defaults.withCredentials = true;

In my project's settings. py file

ALLOWED_HOSTS = ['*']

CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True

But the wiered part is here when I pass any data to thorough put request from axios, it actually passing the flow to the APIView class (It's my assumption) from there I get a wired response. I could see that it sends the react's index.html as the data in the response.

My views.py code

class TestView(APIView):
    def put(self, request):
        print('inside put method')
        print(request.data)
        return Response('Test data passing in return')

My Axios code

import axios from "axios";
axios.defaults.xsrfHeaderName = "X-CSRFToken";
axios.defaults.xsrfCookieName = "csrftoken";
axios.defaults.withCredentials = true;

return axios({
        method: "put",
        url: API_URL,
        data: alterRecord
    })
        .then(res => {
            console.log("inside then");
            console.log(res);
        })
        .catch(e => {
            console.log("Inside catch");
            console.log(e.message);
        });

In my APIView class for testing purpose, I've added print statements and it doesn't print those lines in the command line. When I saw the requests in the command line, I saw that OPTIONS method also being called I'm not sure why.

[09/Oct/2019 18:02:09] "OPTIONS /api/url/ HTTP/1.1" 200 0
[09/Oct/2019 18:02:09] "PUT /api/url/ HTTP/1.1" 200 2102

In the axios response data i can see that it's passing react's index.html data like this

data: "<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><title>NoA</title><link href="/static/css/2.39680177.chunk.css" rel="stylesheet"><link href="/static/css/main.87078788.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>!function(l){function e(e){for(var r,t,n=e[0],o=e[1],u=e[2],f=0,i=[];f<n.length;f++)t=n[f],p[t]&&i.push(p[t][0]),p[t]=0;for(r in o)Object.prototype.hasOwnProperty.call(o,r)&&(l[r]=o[r]);for(s&&s(e);i.length;)i.shift()();return c.push.apply(c,u||[]),a()}function a(){for(var e,r=0;r<c.length;r++){for(var t=c[r],n=!0,o=1;o<t.length;o++){var u=t[o];0!==p[u]&&(n=!1)}n&&(c.splice(r--,1),e=f(f.s=t[0]))}return e}var t={},p={1:0},c=[];function f(e){if(t[e])return t[e].exports;var r=t[e]={i:e,l:!1,exports:{}};return l[e].call(r.exports,r,r.exports,f),r.l=!0,r.exports}f.m=l,f.c=t,f.d=function(e,r,t){f.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},f.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.t=function(r,e){if(1&e&&(r=f(r)),8&e)return r;if(4&e&&"object"==typeof r&&r&&r.__esModule)return r;var t=Object.create(null);if(f.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:r}),2&e&&"string"!=typeof r)for(var n in r)f.d(t,n,function(e){return r[e]}.bind(null,n));return t},f.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return f.d(r,"a",r),r},f.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},f.p="/";var r=window.webpackJsonp=window.webpackJsonp||[],n=r.push.bind(r);r.push=e,r=r.slice();for(var o=0;o<r.length;o++)e(r[o]);var s=n;a()}([])</script><script src="/static/js/2.46fe2ccd.chunk.js"></script><script src="/static/js/main.c9f4f998.chunk.js"></script></body></html>"

Here I'm not sure why print statements are not getting printed, why OPTION HTTP method is getting called here and also why am I getting react's index.html as a response instead of Response('Test data passing in return').

If I do the same request from postman it actually sends back the response correctly. But with axios it does not. I'm sure I've to do something with axios. Please, can anyone assist me with this?

Aashay Amballi
  • 1,321
  • 3
  • 17
  • 39
  • The OPTIONS request is a [preflight request](https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request. Are you serving the `index.html` using Django or a different server? What servers are you running on what domains/ports? Please show your URL config. – Alasdair Oct 09 '19 at 12:52
  • @Alasdair I'm running it locally with http://127.0.0.1:8000 – Aashay Amballi Oct 09 '19 at 12:54
  • @Alasdair I think that there is some issue with axios only. If I do a put request from postman it sends me the correct data. But with axios call only it's messing it up. – Aashay Amballi Oct 09 '19 at 13:01
  • Yes, I read that in your original question. I haven't used axios so I can't help you with that. Since your request to `/api/url/` is giving an unexpected response, then my suggestion is still to look at the `urls.py` to see what is responding to `/api/url/`. – Alasdair Oct 09 '19 at 13:07
  • 2
    What is `API_URL` in your axios code? Where is it defined? Can you check it's the url you expect it to be? – dirkgroten Oct 09 '19 at 13:12
  • @dirkgroten That is JavaScript const variable. I have defined it in a file like export const API_URL = "http://127.0.0.1:8000/api/"; – Aashay Amballi Oct 09 '19 at 13:15
  • 2
    But then your axios request goes to "/api" not to "/api/url/". Are you sure it's the correct url for your `TestView`? – dirkgroten Oct 09 '19 at 13:21
  • @dirkgroten Oh my bad. For the put method, I had to append one more URL, I missed that. Thank you so much for your findings :) – Aashay Amballi Oct 09 '19 at 13:29

0 Answers0