setting csrf token in front-end framework forms (such as react forms)

famdude · January 12, 2023, 5:27pm

There is a way of creating a view with @ensure_csrf_token to add a csrf token in cookies, and then calling this view before submitting forms every time, to add given token in form or request header.

But the problem of this approach is that we should do a request before submitting every form, which is not a good idea.

So is there any other way, like using {% csrf_token %} in front-end form, to add a csrf automatically, without any extra request?

KenWhitesell · January 13, 2023, 1:28am

My understanding is that the csrf token cookie will continue to be exchanged with every POST request and response. You can (usually) get the token from the cookie.

In other words, instead of:
GET
POST
GET
POST
GET
POST,

the sequence becomes:
GET
POST
POST
POST

See How to use Django’s CSRF protection | Django documentation | Django

Topic		Replies	Views
Django 3.0.8 - csrf cookies not getting set without using @ensure_csrf_cookie Using Django	0	574	July 5, 2020
Django NextJS App CSRF verification failed Templates & Frontend	4	1793	May 6, 2022
CSRF token validation for CORS Forms & APIs	4	2775	September 6, 2023
CSRF token missing react axios and django Mystery Errors	9	9989	April 29, 2023
How CSRF protection works? Using Django	0	481	November 30, 2021

setting csrf token in front-end framework forms (such as react forms)

Related Topics