Django - Using CSRF Token

clarkeustaquio · October 19, 2021, 8:08am

Hello, How can i delete the csrftoken in views? I am doings this to get new csrftoken whenever the webpage is reloaded from the client(reactjs). I also added x-csrftoken attribute to my response so that i can use the token when sending a request from other endpoints. I tried using rotate_token but it returns None. Another problem that I have is that, csrftoken in the browser does not change whenever i sent a request to get_csrf view.

@api_view(['GET'])
@xframe_options_deny
@cache_page(0)
def get_csrf(request):
    response = Response({
        'x-csrftoken': get_token(request)
    })

    for cookie in request.COOKIES:
        response.delete_cookie(cookie)

    return response

clarkeustaquio · October 20, 2021, 2:52am

Solution

@api_view(['GET'])
@xframe_options_deny
@cache_page(0)
def get_csrf(request):

    try:
        csrf_cookie = request.META['CSRF_COOKIE']
    except KeyError:
        response = Response({
            'x-csrftoken': get_token(request)
        })
    else:
        response = Response({
            'x-csrftoken': csrf_cookie
        })

    return response

Topic		Replies	Views
CSRF Cookie is not set with react frontend Templates & Frontend	36	18937	February 7, 2024
AJAX/XHR and X-CSRFToken Using Django	0	567	May 17, 2020
Multiple csrftoken cookies Using Django	3	775	March 29, 2021
csrf_token shown in browser headers: Misunderstood "internal urls"? Deployment	3	556	January 31, 2023
if cookie does not exist redirect user external url Using Django	5	1234	September 22, 2020

Django - Using CSRF Token

Related Topics