Change DRF to TokenAuthentication #72
groovecoder added a commit to groovecoder/codesy that referenced this issue on Dec 27, 2014
groovecoder added a commit that referenced this issue on Jan 2, 2015: fix #72 - add tokens for users for API auth
Django Rest Framework - as it should - enforces CSRF protection when using SessionAuthentication.
The browser extensions execute their form and AJAX requests from the bug domains (e.g., github.com). So, the HTTP Referer - github.com - does not match the server-side domain - codesy.io, and the CSRF validation fails.
So, we need to change DRF to TokenAuthentication, which doesn't enforce CsrfMiddleware 'Referer' matching, and is probably better anyway. To do so, we should:
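A simplified, standard-library model of the two authentication paths described in the issue, added here as an illustration; it is not code from codesy, Django or DRF. The request dictionaries, session id, token value and GitHub URL are constructed, and the CSRF token comparison that follows the Referer check in Django is omitted.

```python
import hmac
from urllib.parse import urlsplit

API_HOST = "codesy.io"                             # server-side domain named in the issue
SESSIONS = {"s1": "alice"}                         # constructed session store
KEY = "0123456789abcdef0123456789abcdef01234567"   # constructed 40-char token
TOKENS = {KEY: "alice"}                            # constructed token store

def referer_check(request):
    """Strict Referer check that CSRF protection applies to HTTPS requests."""
    referer = request["headers"].get("Referer")
    if not referer:
        return False, "no Referer"
    parts = urlsplit(referer)
    if parts.scheme != "https":
        return False, "insecure Referer"
    if parts.netloc != request["host"]:
        return False, f"Referer {parts.netloc} does not match {request['host']}"
    return True, "ok"

def session_auth(request):
    """Cookie auth: the browser attaches the cookie on its own, so the
    server must also verify where the request originated."""
    user = SESSIONS.get(request["cookies"].get("sessionid"))
    if user is None:
        return None, "no session"
    ok, reason = referer_check(request)
    return (user, "ok") if ok else (None, "CSRF failed: " + reason)

def token_auth(request):
    """Header auth: 'Authorization: Token <key>' is sent only when client
    code adds it, so no Referer matching is involved."""
    scheme, _, key = request["headers"].get("Authorization", "").partition(" ")
    if scheme != "Token" or not key:
        return None, "no token"
    for stored, user in TOKENS.items():
        if hmac.compare_digest(stored, key):   # constant-time comparison
            return user, "ok"
    return None, "invalid token"

def extension_request(headers, cookies=None):
    """Constructed request sent by extension code running on a github.com page."""
    base = {"Referer": "https://github.com/example/repo/issues/1"}
    return {"host": API_HOST, "headers": {**base, **headers}, "cookies": cookies or {}}

if __name__ == "__main__":
    print(session_auth(extension_request({}, {"sessionid": "s1"})))
    print(token_auth(extension_request({"Authorization": "Token " + KEY})))
```

Because the token replaces the Referer check as the only gate, it has to be sent over HTTPS and stored by the extension as a credential.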