Having a POST'able API and Django's CSRF Middleware

Posted by T. Stone on Stack Overflow
Published on 2010-03-08T22:41:25Z Indexed on 2010/03/08 23:06 UTC


I have a Django webapp that has both a front-end, web-accessible component and an API that is accessed by a desktop client. However, now with the new CSRF middleware component, API requests from the desktop client that are POST'ed get a 403.

I understand why this is happening, but what is the proper way to fix this without compromising security? Is there some way I can signal in the HTTP header that it's an API request and that Django shouldn't be checking for CSRF, or is that a bad strategy?

© Stack Overflow or respective owner
