Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can we validate CSRF-Token with Every POST Request? #8

Closed
Ammadhashmi opened this issue Aug 4, 2020 · 3 comments
Closed

How can we validate CSRF-Token with Every POST Request? #8

Ammadhashmi opened this issue Aug 4, 2020 · 3 comments

Comments

@Ammadhashmi
Copy link

Ammadhashmi commented Aug 4, 2020
edited

I am trying to Validate the CSRF-Token on every Request Please Guide me how to do that in this API framework
@vitalik
Copy link
Owner

vitalik commented Sep 10, 2020

Hi @Ammadhashmi

I will keep this open...

The plan is to allow to pass csrf flag either on top NinjaAPI(..., csrf=True) or per operation

@vitalik vitalik reopened this Sep 10, 2020
@JusticeN
Copy link

JusticeN commented Oct 6, 2020

hi did you try the django way of protecting agains csrf.

since ninja use the same views function as django, does it didn't works when you add django.middleware.csrf.CsrfViewMiddleware in your middleware ?

@vitalik
Copy link
Owner

vitalik commented Oct 18, 2020

by default Django Ninja have CSRF off
but if you start using any cookie based authentication it will throw an error
you need to set csrf flag to True:

api = NinjaAPI(csrf=True)

added in v.0.7.0

https://django-ninja.rest-framework.com/tutorial/csrf/

@vitalik vitalik closed this as completed Oct 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vitalik @JusticeN @Ammadhashmi