python - Unable to disable CSRF check in django 1.10 -
i using django-1.10 project , want o disable csrf check in project. did created csrfdiable middleware , added in middlewares after commonmiddleware
. same process worked me in django 1.8 in django 1.10 not working. tried removing django.middleware.csrf.csrfviewmiddleware
doesn't work me. middleware class below
class disablecsrf(object): def __init__(self, get_response): self.get_response = get_response def __call__(self, request): return self.get_response(request) def process_request(self, request): setattr(request, '_dont_enforce_csrf_checks', true) middleware = [ 'django.middleware.security.securitymiddleware', 'django.contrib.sessions.middleware.sessionmiddleware', 'django.middleware.common.commonmiddleware', 'common.middlewares.disablecsrf', # 'django.middleware.csrf.csrfviewmiddleware', 'django.contrib.auth.middleware.authenticationmiddleware', 'django.contrib.messages.middleware.messagemiddleware', 'django.middleware.clickjacking.xframeoptionsmiddleware', ]
the error getting on post
request
{ "detail": "csrf failed: csrf token missing or incorrect." }
disabling csrf protection
globally not idea. if still want disable csrf
rest-framework
based apis can override sessionauthentication
class of django-rest-framework
, add in django-rest-framework
default_authentication_classes
settings , done. can
from rest_framework.authentication import sessionauthentication class csrfexemptsessionauthentication(sessionauthentication): def enforce_csrf(self, request): return # not perform csrf check
and in settings rest_framework add
rest_framework = { 'default_authentication_classes': ( 'path of .csrfexemptsessionauthentication', # path of csrfexemptsessionauthentication class 'rest_framework.authentication.basicauthentication' ), }
i hope work
or can use token base authentication
.
Comments
Post a Comment