Having a POST'able API and Django's CSRF Middleware
Posted
by T. Stone
on Stack Overflow
See other posts from Stack Overflow
or by T. Stone
Published on 2010-03-08T22:41:25Z
Indexed on
2010/03/08
23:06 UTC
Read the original article
Hit count: 608
I have a Django webapp that has both a front-end, web-accessible component and an API that is accessed by a desktop client. However, now with the new CSRF middleware component, API requests from the desktop client that are POST'ed get a 403.
I understand why this is happening, but what is the proper way to fix this without compromising security? Is there someway I can signal in the HTTP header that it's an API request and that Django shouldn't be checking for CSRF or is that a bad strategy?
© Stack Overflow or respective owner