The CSRF header name needs to be configurable

vitalik / django-ninja

💨 Fast, Async-ready, Openapi, type hints based framework for building APIs

https://django-ninja.dev

MIT License

7.09k stars 423 forks source link

The CSRF header name needs to be configurable #1190

Open vegaed opened 3 months ago

vegaed commented 3 months ago

We use a different header name than X-CSRFToken and causes testing via swagger-ui to fail against our api.

Either use the django setting or provide a way to override.

Code in question is https://github.com/vitalik/django-ninja/blob/c6d44b62a180fcf8ddfd73d67e0274a77b9d30ae/ninja/templates/ninja/swagger_cdn.html#L28

Speedy1991 commented 3 months ago

You can just overwrite this template with your own template in ninja/templates/ninja/swagger_cdn.html and add your custom logic (e.g. access your settings)

vegaed commented 3 months ago

@Speedy1991 I have added my own template and its not pulling from it.