Closed annshress closed 6 years ago
You need to send the same value in the header and in the cookies: https://docs.djangoproject.com/en/1.10/ref/csrf/#ajax
Thanks, your solution helps. But still, I keep getting 400 Bad request.
views.BaseSocialAuthView.post method keeps catching an AuthCanceled exception.
My POST params are as follows in the body: code: //facebook user access token// provider: facebook csrfmiddlewaretoken: //csrf token//
And the request header has: csrfmiddlewaretoken: //same csrf token//
Does the example project work for you?
Nope. My settings.py extra configs:
REST_SOCIAL_OAUTH_REDIRECT_URI = '/'
REST_SOCIAL_DOMAIN_FROM_ORIGIN = True
bad response: _ERROR:rest_social_auth.views: Authentication process canceled; ; {u'error': {u'message': u"redirect_uri isn't an absolute URI. Check RFC 3986.", u'code': 191, u'type': u'OAuthException', u'fbtraceid': u'G27RnD9w5GC'}} (2017-02-20 09:11:47; views.py:193)
Did you manage to get around the CSRF error?
Yes, it was an issue related to CORS.
For AJAX requests, we used credentials=true and sent a csrfmiddlewaretoken=
Guys, I can't reproduce it with the example project. Feel free to reopen if the issue still exists.
Trying to use session based authentication from rest-social-auth. Can't figure out a way to avoid CSRF token validation.
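An added example (not posted by anyone in this thread and not rest-social-auth's own code) of the client side of the advice above: read Django's CSRF cookie and send the same value back in a request header, with credentials enabled. It assumes Django's default cookie name `csrftoken` and default header name `X-CSRFToken`; the function names and the `trustedOrigins` allowlist are hypothetical.

```javascript
// Methods Django's CSRF middleware checks; GET/HEAD/OPTIONS/TRACE are exempt.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build the init object for fetch(url, init).
// pageOrigin would be window.location.origin and cookieString document.cookie.
function csrfFetchInit(url, method, payload, cookieString, pageOrigin, trustedOrigins) {
  const target = new URL(url, pageOrigin);
  const init = {
    method: method.toUpperCase(),
    credentials: "include", // send the session and CSRF cookies with the request
    headers: { "Content-Type": "application/json" },
  };
  if (payload !== undefined) init.body = JSON.stringify(payload);
  if (!UNSAFE_METHODS.has(init.method)) return init;

  // Never attach the token to a request going to an origin you do not control.
  if (target.origin !== pageOrigin && !trustedOrigins.includes(target.origin)) {
    throw new Error("refusing to send CSRF token to " + target.origin);
  }
  const token = getCookie(cookieString, "csrftoken");
  if (!token) throw new Error("csrftoken cookie not set; load a page that sets it first");
  init.headers["X-CSRFToken"] = token; // must equal the cookie value
  return init;
}
```

In a browser this would be called as `fetch(url, csrfFetchInit(url, "POST", data, document.cookie, window.location.origin, []))`.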