python - Unable to disable CSRF check in django 1.10 -


i using django-1.10 project , want o disable csrf check in project. did created csrfdiable middleware , added in middlewares after commonmiddleware. same process worked me in django 1.8 in django 1.10 not working. tried removing django.middleware.csrf.csrfviewmiddleware doesn't work me. middleware class below

class disablecsrf(object):      def __init__(self, get_response):         self.get_response = get_response      def __call__(self, request):         return self.get_response(request)      def process_request(self, request):         setattr(request, '_dont_enforce_csrf_checks', true)   middleware = [      'django.middleware.security.securitymiddleware',     'django.contrib.sessions.middleware.sessionmiddleware',     'django.middleware.common.commonmiddleware',     'common.middlewares.disablecsrf',      # 'django.middleware.csrf.csrfviewmiddleware',     'django.contrib.auth.middleware.authenticationmiddleware',     'django.contrib.messages.middleware.messagemiddleware',     'django.middleware.clickjacking.xframeoptionsmiddleware',    ] 

the error getting on post request

{     "detail": "csrf failed: csrf token missing or incorrect." } 

disabling csrf protection globally not idea. if still want disable csrf rest-framework based apis can override sessionauthentication class of django-rest-framework , add in django-rest-framework default_authentication_classes settings , done. can

from rest_framework.authentication import sessionauthentication   class csrfexemptsessionauthentication(sessionauthentication):      def enforce_csrf(self, request):         return  # not perform csrf check 

and in settings rest_framework add

rest_framework = { 'default_authentication_classes': ( 'path of .csrfexemptsessionauthentication',  # path of csrfexemptsessionauthentication class 'rest_framework.authentication.basicauthentication' ), } 

i hope work

or can use token base authentication.


Comments