Remote authorization REST API how to implement?

A

awesomeddd2017-05-10 20:56:56

Django

awesomeddd, 2017-05-10 20:56:56

There is a server on Django REST API
There is a web application on normal Django.
Those. the connection is made: Django REST API Server <=>
Django app <=> Client

<form action="{% url 'todolist:login' %}" method="post">
    {% csrf_token %}
    {{ form }}
    <input type="submit" value="Login" />
</form>

In views.py:

class LoginView(View):
    @method_decorator(csrf_exempt)
    def get(self, request, *args, **kwargs):
        form = LoginForm()
        return render(request, 'login.html', {'form': form})
    @method_decorator(csrf_exempt)
    def post(self, request, *args, **kwargs):
        form = LoginForm(request.POST)
        if form.is_valid():
            post_data = {'username': form.cleaned_data['username'], 'password': form.cleaned_data['password']}
            response = requests.post('http://127.0.0.1:8080/api-auth/login/', data=post_data)
            return HttpResponseRedirect('/todolists/')

When sending a POST request, the response is 403 with the indication: Forbidden (CSRF cookie not set.): /api-auth/login/
How to solve this problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Burnaev, 2017-05-10
@DmitryBurn

On the django-rest server side, there is csrf protection. It is necessary at the time of calling requests.post (call for) to throw csrf token into cookies (it can be obtained from the current request)