Two things.
1.) If I'm sending a post request on the same domain then why do I need CSRF Token? Is it not only for cross domain requests?
2.) Even if you do require CSRF Token on the same domain, this stills show no auth header: dev-to-uploads.s3.amazonaws.com/i/...
1) Actually CSRF is supposed to be use for forms in the same domain. You see, a malicious person could easily post your form on another domain. This is why CSRF exists. Ofcourse you can disable it, at your own risk, with JWT_COOKIE_CSRF_PROTECT and JWT_CSRF_CHECK_FORM.
2) I'm guessing the authToken in your code has the wrong value. I don't see where you assign it so I can't tell for sure. Can you try using this instead-
I couldn't figure it out with POST request in this case. I'll just use GET request which works fine.
Thank you so much for the help though! I immensely appreciate it
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Two things.
1.) If I'm sending a post request on the same domain then why do I need CSRF Token? Is it not only for cross domain requests?
2.) Even if you do require CSRF Token on the same domain, this stills show no auth header:
dev-to-uploads.s3.amazonaws.com/i/...
1) Actually CSRF is supposed to be use for forms in the same domain. You see, a malicious person could easily post your form on another domain. This is why CSRF exists. Ofcourse you can disable it, at your own risk, with
JWT_COOKIE_CSRF_PROTECT
andJWT_CSRF_CHECK_FORM
.2) I'm guessing the
authToken
in your code has the wrong value. I don't see where you assign it so I can't tell for sure. Can you try using this instead-I couldn't figure it out with POST request in this case. I'll just use GET request which works fine.
Thank you so much for the help though! I immensely appreciate it