10👍
Use the @csrf_exempt-decorator:
from django.views.decorators.csrf import csrf_exempt
@api_view(['POST'])
@csrf_exempt
def api_add(request):
return Response({"test": 'abc'})
Update:
If you never need csrf-checks, remove the middleware. Seach for MIDDLEWARE_CLASSES in settings.py and remove 'django.middleware.csrf.CsrfViewMiddleware',.
5👍
Django-Rest-Framework automatically adds @csrf_exempt to all APIView (or @api_view).
Only exception is the SesssionAuthentication which forces you (correctly) to use CSRF, see the docs on CSRF or the DRF source
- How to set default value for FloatField in django model
- Django development server showing Error 61 Connection Refused with Redis
- How to give foreign key name in django
- Auto Populate Slug field django
- There is no South database module 'south.db.postgresql_psycopg2' for your database django
2👍
I solved this like this:
@api_view(['POST'])
@csrf_exempt
def add(request):
....
to:
@csrf_exempt
@api_view(['POST'])
def add(request):
.....
0👍
I had the similar issue. I tried using @csrf_exempt but it did not work.
I changed ALLOWED_HOSTS = '*' to ALLOWED_HOSTS = [] and it worked for me on local.
- Adding per-object permissions to django admin
- Django queryset return single value
- Django.core.exceptions.ImproperlyConfigured: AUTH_USER_MODEL refers to model 'auth.User' that has not been installed
- Writable nested serializer in django-rest-framework?
Source:stackexchange.com