Create "API Token" setting and send it with requests #31

Closed
3 tasks
groovecoder opened this issue Dec 27, 2014 · 1 comment

@groovecoder

Django Rest Framework - as it should - enforces CSRF protection when using SessionAuthentication.

The browser extensions execute their form and AJAX requests from the bug domains (e.g., github.com). So, the HTTP Referer - github.com - does not match the server-side domain - codesy.io, and the CSRF validation fails.

So, we need to change DRF to TokenAuthentication, which doesn't enforce CsrfMiddleware 'Referer' matching, and is probably better anyway. To do so, we should:

@jdungan

jdungan commented Jan 3, 2015

Fix via #40

@jdungan jdungan closed this as completed Jan 3, 2015
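
The Referer mismatch described in the issue above, as an added example that is not part of the original thread or the codesy code base: a simplified Python model of the two authentication paths, showing why a cookie-authenticated POST issued from a github.com page is rejected while the same POST carrying an `Authorization: Token` header is accepted. The function names, sample session and token values are constructed for illustration, and the model assumes every request arrives over HTTPS.

```python
from urllib.parse import urlsplit

# Simplified model, not Django or DRF source. Assumes every request arrives over HTTPS.
API_HOST = "codesy.io"                           # server-side domain named in the issue
SESSIONS = {"constructed-session-abc": "alice"}  # constructed sample session store
TOKENS = {"constructed-token-123": "alice"}      # constructed sample API tokens
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def referer_ok(headers):
    """Strict Referer check: scheme and host must match the API's own origin."""
    ref = urlsplit(headers.get("Referer", ""))
    return ref.scheme == "https" and ref.netloc == API_HOST


def session_auth(req):
    """Cookie auth: the browser attaches the cookie itself, so CSRF checks apply."""
    user = SESSIONS.get(req["cookies"].get("sessionid"))
    if user is None:
        return None, "no session"
    if req["method"] not in SAFE_METHODS:
        if not referer_ok(req["headers"]):
            return None, "CSRF failed: Referer does not match " + API_HOST
        csrf_cookie = req["cookies"].get("csrftoken")
        if not csrf_cookie or req["headers"].get("X-CSRFToken") != csrf_cookie:
            return None, "CSRF failed: token missing or incorrect"
    return user, "ok"


def token_auth(req):
    """Header auth: the caller adds the secret explicitly, so no CSRF check runs."""
    parts = req["headers"].get("Authorization", "").split()
    if len(parts) != 2 or parts[0] != "Token":
        return None, "no token"
    user = TOKENS.get(parts[1])
    return (user, "ok") if user else (None, "invalid token")


def extension_post(headers, cookies):
    """Constructed request: a POST issued by the extension from a github.com page."""
    base = {"Referer": "https://github.com/example/repo/issues/1"}
    return {"method": "POST", "headers": {**base, **headers}, "cookies": cookies}


if __name__ == "__main__":
    cookies = {"sessionid": "constructed-session-abc", "csrftoken": "t"}
    print(session_auth(extension_post({"X-CSRFToken": "t"}, cookies)))
    print(token_auth(extension_post({"Authorization": "Token constructed-token-123"}, {})))
```

Skipping the CSRF check on the token path is sound only because a browser never attaches the `Authorization` header on its own. The token is a bearer secret, so it needs TLS in transit and careful storage in the extension.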