Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CSRF Failed when POST data using Alamofire

Tags:

django-rest-framework

alamofire

I using django-reat-framework as backend and using SessionAuthentication and TokenAuthentication. This work well when I use httpie send request

http POST http://127.0.0.1:8000/api/users/ email="[email protected]" user_name="abc" passwod="1234"

but when I use Alamofire

Alamofire.request(.POST, "http://127.0.0.1:8000/api/users/", parameters: ["email": emailField.text!, "user_name": usernameField.text!, "password": passwordField.text!], encoding: .URL )
            .responseJSON { response in
                print(response.request)  // original URL request
                print(response.response) // URL response
                print(response.data)     // server data
                print(response.result)
                if let JSON = response.result.value {
                    print("JSON: \(JSON)")
                }
        }

return this

Optional(<NSMutableURLRequest: 0x7fe24e15d640> { URL: http://127.0.0.1:8000/api/users/ })
Optional(<NSHTTPURLResponse: 0x7fe24bf3a080> { URL: http://127.0.0.1:8000/api/users/ } { status code: 403, headers {
    Allow = "GET, POST, HEAD, OPTIONS";
    "Content-Type" = "application/json";
    Date = "Fri, 11 Mar 2016 13:09:59 GMT";
    Server = "WSGIServer/0.2 CPython/3.4.3";
    Vary = "Accept, Cookie";
    "X-Frame-Options" = SAMEORIGIN;
} })
Optional(<7b226465 7461696c 223a2243 53524620 4661696c 65643a20 43535246 20746f6b 656e206d 69737369 6e67206f 7220696e 636f7272 6563742e 227d>)
SUCCESS
JSON: {
    detail = "CSRF Failed: CSRF token missing or incorrect.";
}

But 127.0.0.1:8000/api/users/ don't need any permission, and I didn't send csrf token when I using httpie.So, What's wrong here?

like image 469
Windsooon Avatar asked Jun 07 '26 17:06

Windsooon

2 Answers

This header worked for me: 

let headers = [
   "Cookie": ""
]


Alamofire.request(urlString, method: .post, parameters: ["username": username!, "password": password!],encoding: JSONEncoding.default, headers: headers).responseJSON {
    response in
    switch response.result {
           case .success:
                print(response)                    
                break
            case .failure(let error):
                print(error)
    }

}

From here: https://github.com/Alamofire/Alamofire/issues/646

like image 137
DevB2F Avatar answered Jun 10 '26 18:06

DevB2F

POST/DELETE requests to API created using Django need a valid csrftoken to be passed along with the request.

You need to generate the token before you make any POST calls. To generate the token please refer to https://docs.djangoproject.com/en/1.9/ref/csrf/

Also after getting the csrftoken value from the cookie, pass the token in the header of the request

        let headers = [ "Accept":"application/json" ,  "Content-Type": "application/json" , "X-CSRFToken" : csrftoken]


        Alamofire.request(.POST, "http://127.0.0.1:8000/api/users/", headers: headers, parameters: params, encoding:  .JSON)
            .validate()
            .responseJSON { response in

                switch response.result {
                case .Success(let responseContent):
like image 37
Mansi Shah Avatar answered Jun 10 '26 17:06

Mansi Shah

Sign in to Comment

Related questions

How to set the JWT token from server
SerializerMethodField's function get_fieldname is not being called
Django Rest Framework ModelSerializer Set attribute on create
Django Rest Framework serializer update method does not save object
django-polymorphic-tree serializer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!