Sending CSRF tokens via mail

Question

Sending CSRF tokens via mail

I am trying to validate my login on a webserver using Postman. First, I send a GET request to my login url and I receive a CSRF token as a cookie. Then I make a POST request to this login page with my username, password and CSRF token.

My problem is that when I do this in Postman, I get a 403 forbidden error when I try to make a POST request to login. I copy the resulting CSRF token and put it as one of the POST parameters and I am using a valid username and password. Is there something that I don't notice here?

+6

post django get csrf postman

WhoopsBing 04 Apr 17 at 1:33

source to share

2 answers

Pratik mandrekar · Answer 1 · 2017-04-04T14:04:24+0000

You need to set it as a header in the request, not in the body . X-CSRFToken

is the key and the value is the CSRF token from the cookie. This will work if you are using an API framework like Tastypie

or Django Rest Framework

.

If you are authenticating without an API level, you will need to actually add a cookie or create one using a CSRF token. This post explains it.

Sumuka · Answer 2 · 2019-05-01T07:26:09+0000

Try installing the Postman Interceptor extension in Google Chrome. This worked for me.

Sending CSRF tokens via mail

More articles: