Django
Sergey Pashkevich, 2015-10-12 15:26:33

How to authenticate a user using cookies (Django + Angular) on different domain names?

Headers are all included for CORS. Cookies are set, everything is ok.
But there is an ambush in CSRF protection: I can't pass it because the authentication request is sent by a POST request, and this is considered an insecure request and a CSRF token is needed. What's the best way to get it if Django (API) is on the same machine and same domain, and Angular (client) is on a different machine and different domain?
There is an option to create a certain method where you can send a GET request before starting, so that the cookies come, and extract the CSRF token from them, write it to localStorage and send this CSRF token in the header with each request, which is necessary for Django to confirm CSRF: X-CSRFToken.
But I think this method is not for sale and looks like a crutch. Maybe someone had experience with this implementation; I would be very grateful if there are any options that can be discussed with you in more detail ;)


1 answer(s)
Andrey K, 2015-10-12
@mututunus

Rather than fence crutches, it's easier to disable CSRF.
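
The flow the question describes (a bootstrap GET that hands out the token, then X-CSRFToken on every unsafe request), as an added example that is not part of the original thread: a simplified Python model of a double-submit check, not Django's own middleware. The origins, the function names and the JSON field csrfToken are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed origins for illustration (assumptions, not from the thread).
API_ORIGIN = "https://api.example.test"
TRUSTED_ORIGINS = {"https://app.example.test"}  # the Angular client
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_token(response_cookies):
    """Bootstrap GET: set the CSRF cookie and also return the token in the body.

    Script on the client's origin cannot read a cookie scoped to the API's
    domain, so the body is how a cross-domain client learns the value.
    """
    token = secrets.token_urlsafe(32)
    response_cookies["csrftoken"] = token
    return {"csrfToken": token}


def check_csrf(method, headers, cookies):
    """Return (allowed, reason) for one request under a double-submit check."""
    if method in SAFE_METHODS:
        return True, "safe method"
    origin = headers.get("Origin")
    if origin != API_ORIGIN and origin not in TRUSTED_ORIGINS:
        return False, "origin not trusted"
    cookie = cookies.get("csrftoken")
    header = headers.get("X-CSRFToken")
    if not cookie:
        return False, "CSRF cookie missing"
    if not header:
        return False, "CSRF header missing"
    # Constant-time comparison of the cookie value with the header value.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "token mismatch"
    return True, "ok"


def demo():
    """Run the flow from the question plus two requests that must be refused."""
    jar = {}                  # browser cookie jar for the API domain
    body = issue_token(jar)   # step 1: GET that hands out the token
    client = {"Origin": "https://app.example.test"}
    good = check_csrf("POST", {**client, "X-CSRFToken": body["csrfToken"]}, jar)
    # Another site can make the browser attach the cookie, but it cannot
    # read the token, so it cannot supply the matching header.
    foreign = check_csrf("POST", {"Origin": "https://other.example.test"}, jar)
    no_header = check_csrf("POST", client, jar)
    return good, foreign, no_header
```

Disabling the check removes the two refusals that demo() shows, which is the protection the cookie-authenticated POST relies on.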
