Hi,
I'm not able to POST to django without having a csrf_token cookie sent with the request, though the documentation says you can set an X-CSRFToken header - it appears to be entirely ignored.
The behaviour has been pointed out a couple of times before:
https://code.djangoproject.com/ticket/26904
https://code.djangoproject.com/ticket/30514
but it doesn't appear to have ever been triaged by a project member or looked into in any way.
I'm trying to find a definitive answer - should a POST request to a CSRF protected endpoint work without the cookie if the header is set?
Thanks
-Kevin
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1e318fcd-32bc-448b-bd4d-05b92f4a8afc%40googlegroups.com.
No comments:
Post a Comment