Django Rest框架抱怨CSRF

问题描述：

我已经开发了一个简单的Web服务，但是没有使用Django Rest Framework发布，因为它抱怨CSRF：

I have developed a simple webservice, but failed to use post with Django Rest Framework as it complains about CSRF:

detail ：CSRF失败：CSRF cookie未设置。

"detail": "CSRF Failed: CSRF cookie not set."

删除api_view装饰器会阻止消息出现，将无法访问request.data。我认为api_view会检查CSRF，尽管我添加了csrf_exempt装饰器。

Removing the api_view decorator does stop the message from appearing but then I won't be able to access the request.data. I think that the api_view does check CSRF although I added the csrf_exempt decorator.

这是我的观点：

This is my view:

@permission_classes((IsAuthenticated, ))
@csrf_exempt
@api_view(['POST'])
def get_stats(request):
    """
    Returns the stats available.
    """

    user = request.user

    if request.method == 'POST':
        serializer = StatsRequestSerializer(data=request.data)
        stats_request = serializer.data
        return JSONResponse(stats_request)

            #serializer = QuizSerializer(user.quizes.all(), many=True)
            #return JSONResponse(serializer.data)

    response = ActionResponse(status='error', error='Invalid request')
    serializer = ActionResponseSerializer(response)
    return JSONResponse(serializer.data, status=400)

这是我的模型：

class StatsRequest(models.Model):
    """
    A model which describes a request for some stats for specific users.
    """

    start_date = models.DateField()
    end_date = models.DateField()

这是我的请求POST：

and this is my request POST:

{"start_date" : "1992-01-15", "end_date" : "1992-01-15" }

任何想法？

更多信息：

AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',
    'social.backends.google.GoogleOAuth2',
    'django.contrib.auth.backends.ModelBackend'
)

答

请参阅此链接：

在Django中禁用CSRF检查

相关推荐