Django Rest Framework - as it should - enforces CSRF protection when using SessionAuthentication.
The browser extensions execute their form and AJAX requests from the bug domains (e.g., github.com). So, the HTTP Referer - github.com - does not match the server-side domain - codesy.io, and the CSRF validation fails.
So, we need to change DRF to TokenAuthentication, which doesn't enforce CsrfMiddleware 'Referer' matching, and is probably better anyway. To do so, we should:
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
with requests.
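A simplified stdlib model of the behaviour described in this issue, added here as an illustration (it is not codesy's, Django's or DRF's code). It covers only the Referer part of the CSRF check on HTTPS requests; the user name `alice`, the GitHub URL and the function names are constructed for the example.

```python
from urllib.parse import urlparse

API_HOST = "codesy.io"  # server-side domain named in the issue

# Constructed token store. The key is the sample value quoted in the issue;
# the user name "alice" is hypothetical.
TOKENS = {"9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b": "alice"}


def referer_allowed(referer, host=API_HOST):
    """Model of the strict Referer check made on HTTPS requests."""
    if not referer:
        return False  # a missing Referer is rejected
    parsed = urlparse(referer)
    if parsed.scheme != "https" or not parsed.hostname:
        return False  # insecure or malformed Referer is rejected
    return parsed.hostname == host


def session_auth(headers, session_user):
    """Session-style auth: the cookie names the user, then CSRF must pass."""
    if session_user is None:
        return None  # no session, so this scheme does not apply
    if not referer_allowed(headers.get("Referer")):
        raise PermissionError("CSRF failed: Referer does not match host")
    return session_user


def token_auth(headers):
    """Token-style auth: the credential is sent explicitly in the
    Authorization header, so no Referer check is made."""
    parts = headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0] != "Token":
        return None  # header absent or not a Token credential
    user = TOKENS.get(parts[1])
    if user is None:
        raise PermissionError("Invalid token")
    return user


if __name__ == "__main__":
    # Constructed request headers, as an extension running on github.com would send.
    ext = {"Referer": "https://github.com/example/repo/issues/1",
           "Authorization": "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"}
    print("token auth user:", token_auth(ext))
    try:
        session_auth(ext, "alice")
    except PermissionError as exc:
        print("session auth:", exc)
```

The token path succeeds from any page origin because the browser never attaches the `Authorization` header on its own, which also means the token must be stored and transmitted as carefully as a password.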