Sending CSRF tokens via mail

I am trying to validate my login on a webserver using Postman. First, I send a GET request to my login url and I receive a CSRF token as a cookie. Then I make a POST request to this login page with my username, password and CSRF token.

My problem is that when I do this in Postman, I get a 403 forbidden error when I try to make a POST request to login. I copy the resulting CSRF token and put it as one of the POST parameters and I am using a valid username and password. Is there something that I don't notice here?

+6




2 answers


You need to set it as a header in the request, not in the body. X-CSRFToken is the key and the value is the CSRF token from the cookie. This will work if you are using an API framework like Tastypie or Django Rest Framework.



If you are authenticating without an API level, you will need to actually add a cookie or create one using a CSRF token. This post explains it.

+10
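
The flow from the answer above, modelled in-process as an added example that is not part of the original post or of Django's own code: a GET issues the token cookie, and a POST is accepted only when the cookie and the X-CSRFToken header both arrive and match. The cookie name `csrftoken` (Django's default) and the simplified WSGI app `login_app` are assumptions about the asker's setup.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "csrftoken"        # Django's default cookie name (assumed setup)
HEADER_KEY = "HTTP_X_CSRFTOKEN"  # how WSGI exposes the X-CSRFToken header


def login_app(environ, start_response):
    """Simplified double-submit check; a model, not Django's middleware."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    cookie_token = cookies[COOKIE_NAME].value if COOKIE_NAME in cookies else ""
    if environ["REQUEST_METHOD"] == "GET":
        token = cookie_token or secrets.token_urlsafe(32)
        start_response("200 OK", [("Set-Cookie", f"{COOKIE_NAME}={token}; SameSite=Lax")])
        return [b"login form"]
    header_token = environ.get(HEADER_KEY, "")
    # Both copies must be present and equal; compare in constant time.
    if not cookie_token or not hmac.compare_digest(cookie_token.encode(), header_token.encode()):
        start_response("403 Forbidden", [])
        return [b"CSRF verification failed"]
    start_response("200 OK", [])
    return [b"logged in"]


def call(method, cookie="", header_token=None):
    """Drive the app without a network; returns (status, headers) as a client sees them."""
    environ = {"REQUEST_METHOD": method, "HTTP_COOKIE": cookie}
    if header_token is not None:
        environ[HEADER_KEY] = header_token
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    login_app(environ, start_response)
    return seen["status"], seen["headers"]


def demo():
    # Step 1: GET the login page and read the token out of Set-Cookie.
    _, headers = call("GET")
    cookie = headers["Set-Cookie"].split(";")[0]  # "csrftoken=<value>"
    token = cookie.split("=", 1)[1]
    # Step 2: POST in four ways; only cookie plus matching header passes.
    return {
        "cookie_no_header": call("POST", cookie=cookie)[0],
        "header_without_cookie": call("POST", header_token=token)[0],
        "mismatched_header": call("POST", cookie=cookie, header_token="x" * 43)[0],
        "cookie_and_header": call("POST", cookie=cookie, header_token=token)[0],
    }
```

In Postman terms, the passing case corresponds to sending the cookie from the GET response back on the POST and copying its value into an X-CSRFToken request header.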




Try installing the Postman Interceptor extension in Google Chrome. This worked for me.



0








