Closed brylie closed 1 year ago
The solution for me in this case was to remove the following line from REST_FRAMEWORK config

    "rest_framework.authentication.SessionAuthentication",

So my REST_FRAMEWORK config looks like this:

    REST_FRAMEWORK = {
        "DEFAULT_AUTHENTICATION_CLASSES": (
            "rest_framework.authentication.TokenAuthentication",
        ),
        "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
    }

In a hybrid site with an HTML UI and REST client, it is common to have CSRF enabled to protect website visitors from malicious activity.
https://stackoverflow.com/a/26639895/1191545
However, when enabling dj-rest-auth and trying to make POST requests to endpoints, such as login/, Django is producing CSRF errors: https://stackoverflow.com/questions/26639169/csrf-failed-csrf-token-missing-or-incorrect
It may be necessary to wrap the dj-rest-auth URLs in a csrf_exempt decorator, as per this comment: https://stackoverflow.com/a/48879567/1191545