CSRF Exempt inside view?

Question

I want to call a csfr protected class view inside other view in django, but this is giving me a CSFR not set error.

I tried to disable it with the csfr_exempt function (Reference), but it did not work at all:

from django.contrib.auth import views as django_auth_views
from django.views.decorators.csrf import csrf_exempt

def my_view(request):
    response = csrf_exempt(
            django_auth_views.PasswordResetView.as_view()
    )(request)

It keeps giving me the same error.

Is there anyway I can do it? Thanks.

score 0 · Answer 1 · answered May 08 '21 at 01:40

I was able to do it by adding the token manually:

    csrf_token = get_csrf_token(request)

    request.POST._mutable = True
    request.POST['csrfmiddlewaretoken'] = csrf_token
    request.COOKIES[settings.CSRF_COOKIE_NAME] = csrf_token
    request.POST._mutable = False

    response_from_password_reset_post = django_auth_views.PasswordResetView.as_view()(request)

CSRF Exempt inside view?

1 Answers1