Postman Django CSRF error when requesting obtain_auth_token route

Question

Basically the same as this post which didn't get an answer, when I try to access the token route of the rest_framework using Postman, I get a 403 that says

"CSRF cookie not set."

I don't understand why I would need a token to request the route which is supposed to give me an authentication token, but most of all, I don't know how to get around this issue !

Mohamed Beltagy · Answer 1 · 2021-11-08T13:24:07.277

0

you can go to the postman and delete all cookies for that request

and if a problem exists go to your Django app settings.py file and disable session as follow

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
       #'rest_framework.authentication.SessionAuthentication', # disable this
    ),}

some people may suggest disabling CSRF in middleware(this is not recommended)

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    #'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware', ]

this same in stackoverflow you can check foollowing

Django CSRF Cookie Not Set

edited Nov 08 '21 at 13:24

answered Nov 08 '21 at 10:52

Mohamed Beltagy

593
4
8

I have "No cookies available" in the "Manage cookies" interface, I will try to look into disable session – PleaseHelp Nov 08 '21 at 12:25
"'django.contrib.sessions.middleware.SessionMiddleware' must be in MIDDLEWARE in order to use the admin application". I actively use the admin interface for my project, and it seems sessions are a core part of it. So I can't disable sessions, do you have any other idea ? – PleaseHelp Nov 08 '21 at 12:28
I don't mean session middleware i modified the answer – Mohamed Beltagy Nov 08 '21 at 13:24
disabling sessions as you mentioned did not work. However, I found what was wrong : i was missing the ending "/" in my urls .py. I don't understand how it lead to that error, but making sure I had the "/" in my urls.py AND my request on Postman fixed it somehow. – PleaseHelp Nov 08 '21 at 13:34

score 0 · Answer 2 · answered Nov 08 '21 at 14:34

0

It ended up being that in my urls.py the route ended with a "/" that I forgot to add to the url in postman. I tried the opposite and the same error was thrown.

answered Nov 08 '21 at 14:34

PleaseHelp

133
9

Postman Django CSRF error when requesting obtain_auth_token route

2 Answers2

this same in stackoverflow you can check foollowing