CSRF middleware exception needed for some endpoint

Question

CSRF middleware exception needed for some endpoint

Closed this issue a year ago · 2 comments

gaud2029 commented a year ago

the accept-all and essentials are using content-type text/html. it's not inject any csrf token information in the call so the calls is redirected with a 302.

You need to add these endpoint to the csrf middleware exceptions list.

Answer 1 · 2023-10-27T12:28:52.000Z

Hi @gaud2029,

Could you elaborate? Thanks.

Answer 2 · 2023-11-08T14:55:55.000Z

I cannot reproduce the problem I had anymore so I guess this can be closed.

Basically some request were made as "application/json" and some other were made as "text/html"

I was having a 302 redirect and noticed that the request went through when I was adding those endpoint to the CSRF middleware exceptions array.

The only endpoint that was working was the "configure" endpoint.