swagger-api / swagger-codegen

swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
http://swagger.io
Apache License 2.0

CSRF Token Missing #7843

Open dhicksNTIA opened 6 years ago

dhicksNTIA commented 6 years ago
Description

This is a question about using a CSRF cookie name/header name with the generated JS library.

Swagger-codegen version

2.2.1

Swagger declaration file content or url
Command line used for generation

java -jar ~/Downloads/swagger-codegen-cli-2.2.1.jar generate -l javascript -i ~/Downloads/schema.json -o ~/Documents/heathcliff/clients/javascript

Steps to reproduce

N/A

Related issues/PRs
Suggest a fix/enhancement

Okay, so to get a broader sense of what I am doing:

Question is: how can I tell the JS client to use a CSRF token? In COREAPI, I can do something like:

var coreapi = window.coreapi;

// Initialize a client & load the schema document
var url = 'https://localhost/api/v1/schema.json';

var auth = new coreapi.auth.SessionAuthentication({
    csrfCookieName: 'csrftoken',
    csrfHeaderName: 'X-CSRFToken'
})

var client = new coreapi.Client({ auth: auth })

Is there something similar with the generated JS code? Do I have to specify a security parameter in settings.py besides basic?

macjohnny commented 6 years ago

Which JS client are you using? E.g. with Angular, there is a default mechanism that uses the cookie named XSRF-TOKEN and sends it as a header named X-XSRF-TOKEN (https://github.com/angular/angular/blob/master/packages/common/http/src/module.ts#L94 and https://github.com/angular/angular/blob/master/packages/common/http/src/xsrf.ts#L90).
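
The cookie-to-header pattern discussed in this thread, as an added example that is not part of the issue, of swagger-codegen's generated client, or of Angular: it reads the CSRF cookie and returns the header to attach, only for state-changing requests to the page's own origin, so the token is never sent to another host. The function names (`readCookie`, `isSameOrigin`, `csrfHeaders`) are hypothetical, the cookie string is constructed, and how the returned headers are attached to the generated client's requests is left as an assumption about that client.

```javascript
// Added example (hypothetical helper names). Defaults follow the
// csrfCookieName / csrfHeaderName values used in the question.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Parse a document.cookie-style string; return the value of `name` or null.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue; // exact name match only
    const raw = part.slice(eq + 1).trim();
    try { return decodeURIComponent(raw); } catch (e) { return raw; }
  }
  return null;
}

// True only when `url` (relative or absolute) resolves to the page's origin.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign, send no token
  }
}

// Return the headers to add to one request: {} or { <headerName>: <token> }.
function csrfHeaders(method, url, cookieString, pageOrigin, opts = {}) {
  const cookieName = opts.csrfCookieName || 'csrftoken';
  const headerName = opts.csrfHeaderName || 'X-CSRFToken';
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  if (!isSameOrigin(url, pageOrigin)) return {}; // never leak token cross-origin
  const token = readCookie(cookieString, cookieName);
  return token ? { [headerName]: token } : {};
}

// Constructed sample input; in a browser this would be document.cookie
// and window.location.origin.
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=CONSTRUCTED-TOKEN-VALUE';
const SAMPLE_ORIGIN = 'https://localhost';
console.log(csrfHeaders('POST', '/api/v1/items/', SAMPLE_COOKIES, SAMPLE_ORIGIN));
```

Passing `{ csrfCookieName: 'XSRF-TOKEN', csrfHeaderName: 'X-XSRF-TOKEN' }` as `opts` selects the Angular names mentioned in the reply; the CSRF cookie must not be HttpOnly for script to read it.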