DEVHIDE
Login Or Sign up

Problems with CSRF token in Django REST Framework integration with React

58 Views Asked by At

I'm doing a website using Django REST Framework as a backend with session authentication, React in the frontend and django-cors-headers to communicate between the two. Each is served in the same IP address but in different ports. I've implemented an authentication system using SessionAuthentication and the User model from Django. The problem is that when I do post requests to the backend it always returns error 403 although the CORS headers config seems to be correct and the csrftoken and X-CSRFToken are included in the headers. Here a part of the frontend responsible for the API calls:

import axios from 'axios';

axios.defaults.xsrfCookieName = 'csrftoken';
axios.defaults.xsrfHeaderName = 'x-csrftoken';
axios.defaults.withCredentials = true;

export const client = axios.create({
    baseURL: "http://127.0.0.1:8000"
});

export const Register = (credentials) => {
    return client.post('/api/register', credentials)
}

export const Login = (credentials) => {
    return client.post('/api/login', credentials, {'withCredentials': true})
}

And the views.py:

@method_decorator(csrf_protect, name='dispatch')
class UserRegister(APIView):
    permission_classes = (permissions.AllowAny,)
    #authentication_classes = (SessionAuthentication,)
    def post(self, request):
        clean_data = custom_validation(request.data)
        serializer = UserRegistrationSerializer(data=clean_data)
        if serializer.is_valid(raise_exception=True):
            user = serializer.create(clean_data)
            if user:
                return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(status=status.HTTP_400_BAD_REQUEST)

@method_decorator(csrf_protect, name='dispatch')
class UserLogin(APIView):
    permission_classes = (permissions.AllowAny,)
    #authentication_classes = (SessionAuthentication,)
    def post(self, request):
        data = request.data
        assert validate_username(data)
        assert validate_password(data)
        serializer = UserLoginSerializer(data=data)
        if serializer.is_valid(raise_exception=True):
            user = serializer.check_user(data)
            login(request, user)
            return Response(serializer.data, status=status.HTTP_200_OK)

I have tried the same API endpoints using the Django REST Framework Interface and Postman (although in Postman I had to manually create the X-CSRFToken) and it works as intended (registering, logging in, any kind of post request which requires a CSRF token)

reactjs django django-rest-framework csrf django-cors-headers
Original Q&A
0

There are 0 best solutions below

Related Questions in REACTJS

Related Questions in DJANGO

Related Questions in DJANGO-REST-FRAMEWORK

Related Questions in CSRF

Related Questions in DJANGO-CORS-HEADERS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.