22👍
Solution
You need to set the X-CSRFToken in the Header settings of Insomnia (https://support.insomnia.rest/article/49-cookies).
- Go to Header Settings in Insomnia
- Add a new entry X-CSRFToken
- Search for cookie, click on Request => Cookie
- Click again on Request => Cookie
- Type csrftoken into Cookie Name
- Click Done
and try it again.
Explanation
The CSRF Token is set by Django in the cookie. This is done within the first request to the server. Then the value of the cookie is sent back to the server within the header as X-CSRF-Token.
You can see what's going on in the debugger of your browser (F12 in Chrome).
2👍
Mentioning as an answer rather than a comment because of low reputation.
Adding an entry named X-CSRFTOKEN works. But for that to work, make sure you have some URLs which don’t require csrftoken and make a request. The solution will only work after making a successful request to the API, or else Insomnia doesn’t get the token from the server and No cookies in store for URL error will appear.
1👍
In addition to @basti500’s answer.
Using X-CSRFTOKEN instead of X-CSRFToken works with Django’s default CSRF_HEADER_NAME, which is HTTP_X_CSRFTOKEN.
That is:
- Go to Header tab in Insomnia
- Add a new entry X-CSRFTOKEN
- Search for cookie, click on Request => Cookie
- Click again on Request => Cookie
- Type csrftoken into Cookie Name
- Click Done
Make sure to check if the CSRF_HEADER_NAME is set in Django’s settings.py.
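The header-name matching and the cookie-first ordering discussed in the answers above, as an added example that is not part of any answer: a local stand-in server (constructed here, not Django's own middleware) hands out a csrftoken cookie on GET and accepts a POST only when the header that maps to CSRF_HEADER_NAME carries the same value. The names meta_key, Handler and run_flow are made up for this illustration.

```python
import http.cookiejar, secrets, threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

CSRF_HEADER_NAME = "HTTP_X_CSRFTOKEN"  # Django's default, as quoted above

def meta_key(header):
    """WSGI request.META key for an HTTP header name (case-insensitive)."""
    return "HTTP_" + header.upper().replace("-", "_")

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in for Django: cookie on GET, header check on POST."""
    def log_message(self, *args):  # keep the example quiet
        pass
    def do_GET(self):
        self.send_response(200)
        self.send_header("Set-Cookie", "csrftoken=%s; Path=/" % secrets.token_hex(16))
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        meta = {meta_key(k): v for k, v in self.headers.items()}
        morsel = SimpleCookie(self.headers.get("Cookie", "")).get("csrftoken")
        ok = morsel is not None and secrets.compare_digest(
            meta.get(CSRF_HEADER_NAME, ""), morsel.value)
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()

def run_flow(header_name, prime_cookie=True):
    """POST status when the client echoes the csrftoken cookie in header_name."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}),
                                         urllib.request.HTTPCookieProcessor(jar))
    try:
        if prime_cookie:
            opener.open(url).close()  # first request stores csrftoken in the jar
        token = next((c.value for c in jar if c.name == "csrftoken"), "")
        req = urllib.request.Request(url, data=b"{}", method="POST",
                                     headers={header_name: token})
        try:
            return opener.open(req).status
        except urllib.error.HTTPError as err:
            return err.code
    finally:
        server.shutdown()
        server.server_close()
```

run_flow returns 200 for X-CSRFToken and X-CSRFTOKEN, and 403 for a header spelled X-CSRF-Token or when no earlier request stored the cookie.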
0👍
basti500’s answer worked for me. But it gave me a 405 Method Not Allowed. I had mistakenly added a / at the end of my endpoint; just removing it worked fine for me without any extra headers.
0👍
If you’ve wandered here but are just using Django for the web server and Insomnia (or Postman), here’s how I got the CSRF Token.
Create an endpoint:
from django.http import JsonResponse
from django.middleware.csrf import get_token
from django.urls import path
def csrf_token(request):
    # get_token() returns the token and flags the csrftoken cookie to be set on the response
    return JsonResponse({'csrfToken': get_token(request)})
urlpatterns = [
    # ...other URL patterns...
    path('api/csrf-token/', csrf_token, name='api-csrf-token'),
]
Start your Django server and make a request to the /api/csrf-token/. This request will return the CSRF token in the response.
Copy the CSRF token from the cookie response.
In Insomnia:
Open your request in Insomnia or create a new request.
Go to the "Headers" tab.
Add a new header with the name "X-CSRFToken" and paste the CSRF token value as the header value.
Send your request.