I ran into this exact problem, trying to get an SPA to use DRF's session authentication. The docs for this only suggest it could work, but never really say how. I got lucky with some googling, and thought I would share.
1) I needed to write a new login view. I basically copied one from testdriven.io/courses/real-time-ap... after much searching. I also copied from there for sign up and logout views.
2) On the backend, I included {% csrf_token %} in the index.html template that bootstraps the SPA, so that the SPA gets the cookie when it loads.
3) On the frontend, I made sure to include the CSRF cookie as a 'X-CSRFToken' header.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
(apologies for the thread necromancy)
I ran into this exact problem, trying to get an SPA to use DRF's session authentication. The docs for this only suggest it could work, but never really say how. I got lucky with some googling, and thought I would share.
1) I needed to write a new login view. I basically copied one from testdriven.io/courses/real-time-ap... after much searching. I also copied from there for sign up and logout views.
2) On the backend, I included
{% csrf_token %}
in the index.html template that bootstraps the SPA, so that the SPA gets the cookie when it loads.3) On the frontend, I made sure to include the CSRF cookie as a 'X-CSRFToken' header.