Why is `csrf_exempt` not needed when using django-rest-framework?

When I make a POST request with Postman, I receive an error: `Forbidden (CSRF cookie not set.)`

```python
from django.views import View

class BooksView(View):
    def post(self, request):
        ...  # handler body omitted in the original question
```

If I use `csrf_exempt`, the error does not occur:

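```python
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt

# Applying the decorator to dispatch exempts every HTTP method of the view.
@method_decorator(csrf_exempt, name='dispatch')
class BooksView(View):
    def post(self, request):
        ...  # handler body omitted in the original question
```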

However, this error does not occur at all when I use django-rest-framework:

```python
from rest_framework.views import APIView

# /books
class BooksView(APIView):
    def post(self, request):
        ...  # handler body omitted in the original question
```

What are django-rest-framework and the `APIView` class doing in relation to CSRF?

>Solution :

All views and viewsets in django-rest-framework inherit from `APIView`; this class wraps itself with `csrf_exempt` in the `as_view` method.
