Tag Archives: Forbidden CSRF cookie not set

Error encountered in Django: forbidden CSRF cookie not set

How is 618 sales champion made?Uncover the secret of e-commerce’s “invigorating” hundreds of millions of sales data>>>

CSRF cookie not set	

The hint is that

CSRF cookie not set

What is CSRF

Indicates that string validation is required for Django to send post requests globally

function: function to prevent cross site request forgery

working principle : when the client accesses the server, when the server normally returns data to the client, it returns a string to the client. When the client visits the server next time, the server will look up the previously returned string from the client. If it is found, it will continue. If it is not found, it will refuse

access process : client – URL routing system – CSRF – view function

What I want to write here is an API interface for internal use, and Cross Site Request Forgery is unlikely

So here are two not very recommended, but very simple ways to solve this problem

Since CSRF is not needed, we can turn off CSRF detection

Solution 1:

In the project you created, find the settings. Py file

Find the midview parameter in the file settings.py

Comment out 'django. Middleware. CSRF. Csrfviewmiddleware ',

Like this,

Solution 2:

The second method is similar to the first

Above is the comment of Django. Middleware. CSRF. Csrfviewmiddleware , which is a global setting

In fact, we can also make special settings for a single API

Here we use @ CSRF_ Exempt

@csrf_ Exempt is used to cancel the anti Cross Site Request Forgery function of the current function

Find the views. Py file, which is where we deal with API rules

Import from django.views.decorators.csrf import CSRF_ exempt

We add @ CSRF to the corresponding function_ exempt

Like this, isn’t it very simple

Note: please indicate the source of the reprint, thank you^_^