This repository has been archived by the owner on Jan 11, 2021. It is now read-only.
When CSRF_COOKIE_HTTPONLY is enabled in Django, django-rest-swagger always errors with:
{"detail": "CSRF Failed: CSRF token missing or incorrect."}
I think this is because it's unable to retrieve the CSRF token using $.cookie here. Instead it needs to grab it from the DOM. My current workaround is to add a {% csrf_token %} to the api_selector block and then manually set the cookie:
This feels like an ugly fix and potential security issue (since it's effectively undoing HTTPONLY) for a relatively common use case. My suggestion is a toggleable setting to conditionally include the CSRF token in the template, and conditionally look for that DOM value in shred.bundle.js instead of getting it from $.cookie.
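A sketch of the DOM-based lookup the issue proposes, as an added example that is not part of the original issue or of django-rest-swagger's code: the token is read from the hidden input that {% csrf_token %} renders and sent as a request header, so it is never copied back into a script-readable cookie. The function names and the stand-in document object are hypothetical; `csrfmiddlewaretoken` and `X-CSRFToken` are assumed to be Django's default input and header names.

```javascript
// Added example. Input name and header name are Django's defaults (assumed
// unchanged); all function names here are hypothetical.
const CSRF_INPUT_SELECTOR = 'input[name="csrfmiddlewaretoken"]';
const CSRF_HEADER = "X-CSRFToken";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Read the token that {% csrf_token %} rendered into the page.
// Returns null when the template did not include it.
function readCsrfTokenFromDom(doc) {
  const input = doc.querySelector(CSRF_INPUT_SELECTOR);
  return input && input.value ? input.value : null;
}

// Build the extra headers for one request. The token is attached only to
// state-changing methods, and only when the target is same-origin, so it is
// never sent to another host.
function csrfHeadersFor(method, url, pageOrigin, token) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  if (new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin) return {};
  if (!token) throw new Error("CSRF token not found in the DOM");
  return { [CSRF_HEADER]: token };
}

// Constructed stand-in for `document`, so the example runs outside a browser.
function makeFakeDocument(tokenValue) {
  return {
    querySelector(selector) {
      if (selector !== CSRF_INPUT_SELECTOR || tokenValue === null) return null;
      return { value: tokenValue };
    },
  };
}

// Constructed sample values, not taken from the issue.
const demoDoc = makeFakeDocument("constructed-token-value");
const demoToken = readCsrfTokenFromDom(demoDoc);
console.log(csrfHeadersFor("POST", "/api/items/", "https://example.test", demoToken));
console.log(csrfHeadersFor("GET", "/api/items/", "https://example.test", demoToken));
console.log(csrfHeadersFor("POST", "https://other.test/x", "https://example.test", demoToken));
```

In a browser, `readCsrfTokenFromDom(document)` replaces the stand-in, and the returned headers are merged into the request the API client sends.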