chapter 14: angular cannot PUT, trouble with CSRF
kurtgn opened this issue · comments
I am on page 333 of the book now where we first use
$http.put('/api/v1/poll_items/'+item.id,item)
The server returns 403 though.
I then tried PUTting through both REST html interface and from the command line, both ways work:
import requests
data="""
{
"id": 2,
"name": "yodaaa2",
"text": "yodaaaa2",
"votes": 5,
"percentage": 0.0
}
"""
headers={'content-type':'application/json'}
res=requests.put('http://localhost:8000/api/v1/poll_items/2',data=data,headers=headers)
print(res.status_code)
>>200
so there is trouble on the JS part.
when I examined the rest_framework.response.Response
object, I saw this:
response.data
{'detail': 'CSRF Failed: CSRF token missing or incorrect.'}
also, the request
object created by $http.put()
contained a csrf cookie
request.COOKIES
{'csrftoken': 'UKpSA6ak5vL0NCLeOz2YmSR3S6eXH4s9', 'tabstyle': 'raw-tab', '__ngDebug': 'true', 'sessionid': 'qjlh01munmtrffhao2zxp8oikb6iywfr'}
Neiter of these happen when i PUT by requests.put
.
Even if I remove {% csrf_token %}
from the page or disable CsrfViewMiddleware
completely, Angular still finds a way to get a CSRF cookie into my request.
How do I turn it off? (my Angular is v1.3.15)
okay. I cleaned my browser's cookies, and it worked. So simple.
Good thing, cause it kinda had me stumped. :)
yeah sorry %)
@kurtgn - no its totally cool, much rather you submit an incorrect issue than not submit anything at all. At least I know your going through the book. :) Do let me know if you have any other difficulties.
yeah sure :) the book is great btw! It's amazing to watch Angular and Django REST dance together so gracefully.