score:1

Accepted answer

you should not disable the csrf check in django. instead in your form/template simply do {% csrf_token %} not {{ csrf_token }} it will print a hidden form element with value assigned to your csrf token already.

if you are using ajax, you can simply set your ajax headers globally as:

$.ajaxsetup({
        beforesend: function (xhr, settings) {
            // this time double brackets
            xhr.setrequestheader("x-csrftoken", "{{csrf_token}}"); 
        }
    });

if you are using fetch then:

fetch('some/url/here', {
            method: 'get',
            headers: {
                'x-csrftoken': window.csrf_token // or pass it in your own way
            }
        }).then(function (response) {
            return response.json()
        })

these are pretty much all the ones i can think of.

hope this helps.


Related Query

More Query from same tag