I'm trying to login through the http form, from DRF:
> https://my.site.io/api-auth/login/
Using httpie, i generate a session.json to get the CSRFToken:
$ http --session=why -h https://my.site.io/api-auth/login/
Referrer-Policy: same-origin
Server: nginx/1.18.0
Set-Cookie: csrftoken=dT2UuBjp7Xei2iqzmD9A9lNNaTZO8ZHHPh098I8mV27v56E0jePTPgQ0KC3LDmpE; expires=Thu, 02 Dec 2021 15:32:49 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Vary: Cookie
X-Content-Type-Options: nosniff
I use the csrftoken from cookies and :
http --session=why -h POST https://my.site.io/api-auth/login/ username=user password=pass X-CSRFToken:dT2UuBjp7Xei2iqzmD9A9lNNaTZO8ZHHPh098I8mV27v56E0jePTPgQ0KC3LDmpE -p Hh
This is the out put (With both request and response headers):
POST /api-auth/login/ HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 49
Content-Type: application/json
Cookie: csrftoken=dT2UuBjp7Xei2iqzmD9A9lNNaTZO8ZHHPh098I8mV27v56E0jePTPgQ0KC3LDmpE
Host: my.site.io
User-Agent: HTTPie/2.3.0
csrfmiddlewaretoken: dT2UuBjp7Xei2iqzmD9A9lNNaTZO8ZHHPh098I8mV27v56E0jePTPgQ0KC3LDmpE
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Length: 3366
Content-Type: text/html
Date: Thu, 03 Dec 2020 15:33:37 GMT
Referrer-Policy: same-origin
Server: nginx/1.18.0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
I tried to use X-CSRFToken instead of csrfmiddlewaretoken
I can perform the login through a browser, if a browser is working, i don't see as it can be a problem from the Django Rest Framework configuration. Maybe i'm doing something wrong with httpie
What can it be? Thanks in advance.