Created
January 5, 2017 09:45
Angular2 and Django CSRF protection
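<html>
  <head>
    <!-- put whatever you need -->
  </head>
  <body>
    <app-root>Loading... </app-root>
    {% comment %}
      Rendering the token tag here, outside any form, is what makes Django
      send the "csrftoken" cookie with this page. The Angular service reads
      that cookie and echoes it back in the X-CSRFToken request header.
      The cookie must stay readable from JavaScript, so CSRF_COOKIE_HTTPONLY
      has to remain False (the Django default). Decorating the view that
      serves this page with ensure_csrf_cookie is an alternative way to
      force the cookie without emitting the hidden input.
    {% endcomment %}
    {% csrf_token %}
  </body>
</html>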
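# Django settings: authentication used by Django REST framework views.
REST_FRAMEWORK = {
    # SessionAuthentication reuses Django's session cookie, so the browser
    # authenticates requests implicitly and they need CSRF protection.
    # DRF runs the CSRF check only for requests that carry an authenticated
    # session; anonymous requests pass without a token unless the view
    # enforces the check itself.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
    ),
}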
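/**
 * Fetch a user record by e-mail address from the backend.
 *
 * The CSRF token is read from the "csrftoken" cookie and sent back in the
 * X-CSRFToken header, which is the header Django checks by default.
 *
 * @param email address identifying the user; it becomes a URL path segment
 * @returns an Observable of the parsed JSON response body
 */
getUser (email: string): Observable<any> {
  const headers = new Headers({ 'Content-Type': 'application/json' });
  // Django validates the token only on unsafe methods (POST, PUT, PATCH,
  // DELETE), so on this GET the header is not required; the same two lines
  // are what a POST/PUT call needs.
  // NOTE(review): assumes this.url is same-origin - the token should never
  // be attached to requests that go to another origin. Confirm.
  headers.append("X-CSRFToken", this.getCookie('csrftoken'));
  const options = new RequestOptions({ headers: headers });
  // Percent-encode the address so characters such as '/', '?' or '#'
  // cannot change the path or query of the request.
  const userUrl = this.url + '/' + encodeURIComponent(email) + '/';
  return this.http.get(userUrl, options)
    .map(res => res.json())
    .catch(this.handleError);
}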
/**
 * Look up a cookie by name through the injected cookie service.
 *
 * @param key name of the cookie to read
 * @returns whatever the cookie service returns for that name
 */
getCookie(key: string){
  const cookieValue = this._cookieService.get(key);
  return cookieValue;
}
from django.views.decorators.csrf import csrf_protect | |
from django.utils.decorators import method_decorator | |
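@method_decorator(csrf_protect)
def post(self, request, format=None):
    """Handle a POST request with Django's CSRF check applied to this method.

    NOTE(review): Django REST framework marks its class-based views as
    CSRF-exempt and leaves the check to SessionAuthentication, which only
    runs it for authenticated sessions. The csrf_protect decorator here
    presumably exists to enforce the token on anonymous POSTs as well;
    confirm against the enclosing view class, which is not shown.

    Args:
        request: the incoming request; its parsed body is read from
            ``request.data``.
        format: optional format suffix; unused in the visible code.

    Returns:
        A ``Response`` with the body ``'Response'`` and HTTP status 201.
    """
    # request.data is client-supplied; validate it (for example with a
    # serializer) before acting on it.
    user_data = request.data
    # do something nice
    return Response('Response', status=status.HTTP_201_CREATED)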