DRF post method working without csrf token. Is it safe?

Asked Mar 24 '21 at 08:56

Active Mar 24 '21 at 08:56

Viewed 125 times

Before working with drf, i knew that, we need to add csrf token to submit the form data.

But in django-rest-framework POST method working without csrf token.

Is it safe?

createGroup=()=>{
        let store = JSON.parse(localStorage.getItem('login'))
        var url = 'http://127.0.0.1:8000/myapi/creategroup/'
        fetch(url,{
            method:'POST',
            headers: {
                'Content-Type': 'application/json',
                'Authorization': 'Token '+store.token,
            },
            body:JSON.stringify({
                'name':this.state.groupName,
            })
        })
        .then((response)=>{
            response.json()
            document.getElementById('i').value=''
            this.setState({groupName:''})
            
        })
    }

asked Mar 24 '21 at 08:56

Asif Biswas

are you using jwt ? – seif Mar 24 '21 at 08:58
See : https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work – Tim Mar 24 '21 at 08:59

DRF post method working without csrf token. Is it safe?

0 Answers0