作者sean72 (.)
看板Python
標題[問題] Django Rest Framework authentication
時間Fri Sep 2 06:36:17 2016
我想關閉某個post的 CSRF
http://www.django-rest-framework.org/api-guide/viewsets/#viewset
裡面提到
You can use any of the standard attributes such as permission_classes,
authentication_classes in order to control the API policy on the viewset.
stack overflow查到
http://goo.gl/k082op
所以我在我的view.py裡面加入
from rest_framework.authentication import
SessionAuthentication, BasicAuthentication,
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
print('csrf exempt...')
#從沒跑到這行
return
class ItemViewSet(viewsets.ModelViewSet):
queryset = Item.objects.all()
serializer_class = ItemSerializer
# 並且設定authentication_classes
authentication_classes = (CsrfExemptSessionAuthentication,
BasicAuthentication)
但是我仍然得到
Forbidden (CSRF cookie not set.)
請問我哪邊做錯了?
謝謝
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 204.96.168.3
※ 文章網址: https://www.ptt.cc/bbs/Python/M.1472769386.A.336.html
→ frank910138: 在function上面加上 @csrf_exempt 試試看 ,是不是 09/02 11:38
→ frank910138: 你要的 09/02 11:38
→ sean72: doesn't work 09/04 07:13
→ kevinkung: 有import csrf_exempt嗎? 10/06 23:57