I am trying to fetch a POST request from a JavaScript file, without any HTML form, to my Django endpoint, but it is giving error 403 (Forbidden). I am facing this error because cookies are not set.

In Internet Explorer

However, when I send a POST request using an HTML form which contains the CSRF token, it automatically sets cookies in my browser, and then if I again use the same previous process (sending the POST request using JavaScript), it works fine, with no error message, because now the cookies have been saved in my browser.

(This is a screenshot of when I went to that endpoint directly, without a POST request, just to see the details of the cookies, and in this case it works fine when I fetch a POST request using JavaScript.)

In Chrome Browser

If I clear the cookies in my browser again, then it does not work and gives the same error message, because the cookies have been deleted. Please help me solve this issue, or tell me how to set cookies automatically in the browser as using the CSRF token does. If possible, please attach a piece of code which will perform this function, as I am a newbie in Django and web development and do not have much knowledge about these things. Thanks!

Abhishek Pratap Singh
  • First, in the Edge and IE browsers, please make sure you select the "Don't block cookie" option (Edge browser) and the allow/accept cookies checkbox (in the IE browser). Second, I found some threads; it seems that this issue could be solved by adding some settings, please check them: [link 1](https://stackoverflow.com/questions/39575084/), [Link 2](https://stackoverflow.com/questions/53186554/) and [Link 3](https://stackoverflow.com/questions/43400660/). You could get the CSRF token first, then add it to the request header. – Zhi Lv May 05 '20 at 01:48
  • @ZhiLv-MSFT I have updated the question, as I found some information about my issue. Please check once again. Thanks for your help. – Abhishek Pratap Singh May 05 '20 at 06:55
  • You could declare a global variable or use an html element (set the hide property) to store the CSRF token, then get it through JavaScript and add the token in the ajax header. Please check the following resources: [Thread 1](https://stackoverflow.com/questions/49541397/django-ajax-csrf-token-missing), [Thread 2](https://stackoverflow.com/questions/51700954/django-csrf-token-for-ajax) and [Cross Site Request Forgery protection](https://docs.djangoproject.com/en/3.0/ref/csrf/). – Zhi Lv May 13 '20 at 07:37

0 Answers
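
The approach suggested in the comments (get the CSRF token first, then add it to the request header), as an added example that is not from the thread. It assumes Django's default cookie and header names (`csrftoken`, `X-CSRFToken`) and a hypothetical `/csrf/` GET view decorated with `ensure_csrf_cookie`, which sets the cookie when the browser does not have it yet.

```javascript
// Added example. Assumptions: Django defaults (cookie "csrftoken", header
// "X-CSRFToken"); "/csrf/" is a hypothetical GET view decorated with
// django.views.decorators.csrf.ensure_csrf_cookie, so it sets the cookie.
const CSRF_COOKIE = "csrftoken";
const CSRF_HEADER = "X-CSRFToken";

// Parse one cookie out of a document.cookie-style string; null if absent.
function getCookie(name, cookieString) {
  if (!cookieString) return null;
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Build fetch() options for a same-origin JSON POST carrying the token.
function buildPostOptions(token, payload) {
  if (!token) throw new Error("CSRF cookie missing: Django would answer 403");
  return {
    method: "POST",
    credentials: "same-origin", // send the csrftoken cookie with the request
    headers: { "Content-Type": "application/json", [CSRF_HEADER]: token },
    body: JSON.stringify(payload),
  };
}

// If the cookie is not there yet (fresh browser, cleared cookies), call the
// cookie-setting view first, then POST. readCookies and fetchFn are
// injectable so the flow can be exercised outside a browser.
async function postWithCsrf(url, payload,
                            readCookies = () => document.cookie,
                            fetchFn = fetch) {
  let token = getCookie(CSRF_COOKIE, readCookies());
  if (!token) {
    await fetchFn("/csrf/", { credentials: "same-origin" });
    token = getCookie(CSRF_COOKIE, readCookies());
  }
  return fetchFn(url, buildPostOptions(token, payload));
}
```

Internet Explorer has no native `fetch` or `async` support, so there this needs a transpiled build with a polyfill, or the same header set on an `XMLHttpRequest`.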