Piotr

Posted on Aug 14, 2023 • Originally published at finloop.github.io on Aug 14, 2023

Django Vue (Axios) Cors headers + CSFR tokens

#python #django #vue

Basic CORS and CSFR settings for Django Rest Framework (DRF) + Axios:

# Settings.py:
...

CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOWED_ORIGINS = [
    "http://localhost:5173",
]

CSRF_TRUSTED_ORIGINS  = [
    "http://localhost:5173",
]

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = "None"
SESSION_COOKIE_SAMESITE = "None"

CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_HEADERS = [
    "accept",
    "authorization",
    "content-type",
    "user-agent",
    "x-csrftoken",
    "x-requested-with",
    "x-xsrf-token"]
...

In Vuejs:

// axios config:
xsrfCookieName: 'csrftoken',
xsrfHeaderName: 'X-CSRFToken',
withCredentials: true,

Read what these do before using them. I'm not responsible for any security issues that may arise from using these settings.

Bugs I encountered:

Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials

References

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

DEV Community

Django Vue (Axios) Cors headers + CSFR tokens

References

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Top comments (0)

A Workflow Copilot. Tailored to You.

Read next

📊 AI Dashboard Builder: Create Insightful Dashboards just Droppping your Data

Random Forest Classification: Unveiling the Powerful Machine Learning Technique That's Transforming Decision-Making

10 Must-Know TypeScript Features to Improve Your Coding Efficiency

การใช้งาน Polyglot notebook กับ Python