※ [本文转录自 Python 看板 #1NoArgCs ]
作者: sean72 (.) 看板: Python
标题: [问题] Django Rest Framework authentication
时间: Fri Sep 2 06:36:17 2016
我想关闭某个post的 CSRF
http://www.django-rest-framework.org/api-guide/viewsets/#viewset
里面提到
You can use any of the standard attributes such as permission_classes,
authentication_classes in order to control the API policy on the viewset.
stack overflow查到
http://goo.gl/k082op
所以我在我的view.py里面加入
from rest_framework.authentication import
SessionAuthentication, BasicAuthentication,
class CsrfExemptSessionAuthentication(SessionAuthentication):
def enforce_csrf(self, request):
print('csrf exempt...') #从没跑到这行
return
class ItemViewSet(viewsets.ModelViewSet):
queryset = Item.objects.all()
serializer_class = ItemSerializer
# 并且设定authentication_classes
authentication_classes = (CsrfExemptSessionAuthentication,
BasicAuthentication)
但是我仍然得到
Forbidden (CSRF cookie not set.)
请问我哪边做错了?
谢谢