albrechtjan / workload

Survey web application for TU Dresden
survey.zqa.tu-dresden.de
GNU Affero General Public License v3.0

CSRF vulnerability #59

Closed KonstantinSchubert closed 8 years ago

KonstantinSchubert commented 8 years ago

I added a decorator csrf_exempt to the workload_entries and the menu_lectures_all functions of the API views.

However, this view is accessible by browsers.

I must either remove the csrf_exempt OR protect the page from being accessible by browsers.

KonstantinSchubert commented 8 years ago

An observation that might help to make the CSRF check pass on the POST sent by my app:

I observed that there is a field CSRF_COOKIE in the request.META which is different from the csrftoken in the COOKIE header. I am not sending a CSRF_COOKIE from my app. Should I? Or is this something that Django puts in? But then maybe the CSRF_COOKIE and the csrftoken in the COOKIE field should match?

KonstantinSchubert commented 8 years ago

Duplicate of #57