Django - Using CSRF Token

clarkeustaquio · October 19, 2021, 8:08am

Hello, How can i delete the csrftoken in views? I am doings this to get new csrftoken whenever the webpage is reloaded from the client(reactjs). I also added x-csrftoken attribute to my response so that i can use the token when sending a request from other endpoints. I tried using rotate_token but it returns None. Another problem that I have is that, csrftoken in the browser does not change whenever i sent a request to get_csrf view.

@api_view(['GET'])
@xframe_options_deny
@cache_page(0)
def get_csrf(request):
    response = Response({
        'x-csrftoken': get_token(request)
    })

    for cookie in request.COOKIES:
        response.delete_cookie(cookie)

    return response

clarkeustaquio · October 20, 2021, 2:52am

Solution

@api_view(['GET'])
@xframe_options_deny
@cache_page(0)
def get_csrf(request):

    try:
        csrf_cookie = request.META['CSRF_COOKIE']
    except KeyError:
        response = Response({
            'x-csrftoken': get_token(request)
        })
    else:
        response = Response({
            'x-csrftoken': csrf_cookie
        })

    return response

Topic		Replies	Views
CSRF Cookie is not set with react frontend Templates & Frontend	36	21505	February 7, 2024
Django NextJS App CSRF verification failed Templates & Frontend	4	2001	May 6, 2022
AJAX/XHR and X-CSRFToken Using Django	0	661	May 17, 2020
csrf token not getting sent in request COOKIES Mystery Errors	0	89	June 19, 2024
How to use Cross Site Request Forgery protection correctly? Using Django	2	559	February 16, 2021

Django - Using CSRF Token

Related topics