Run django api from postman: CSRF verification failed












0














I'm trying to run an api using postman. My application is developed in django 1.11.6 using python 3.5.



My app is installed on an ubuntu server. I have no login mechanism to create a csrf token.



These are the steps that I follow:




  1. Click on "import" tab on the upper left side.

  2. Select the Raw Text option and paste my cURL command.

  3. Hit import and I have the command in your Postman builder

  4. Press send button.


My curl command is:



curl -i -H 'Accept: application/json; indent=4' -X POST  https://127.0.0.1/users/:register/ -d "id=111&firstname=zinonas&yearofbirth=2007&lastname=Antoniou&othernames="


The error I get is Forbidden (403) - CSRF verification failed. Request aborted.



When I run the curl command via cygwin, it's working properly.



This is the view function that I'm using:



class ApiUserRegister(APIView):

    permission_classes = ()

    serializer_class = RegisterUserSerializer



    def post(self, request):

        serializer = RegisterUserSerializer(data=request.data)

        # Check format and unique constraint

        serializer.is_valid(raise_exception=True)

        data = serializer.data



        if User.objects.filter(id=data['id']).exists():

            user = User.objects.get(id=data['id'])

            is_new = "false"

            resp_status = status.HTTP_200_OK

        else:

            user = User.objects.create(id=data['id'],

                                       firstname=data['firstname'],

                                       yearofbirth=data['yearofbirth'],

                                       lastname=data['lastname'],

                                       othernames=data['othernames'])

            user.save()

            is_new = "true"

            resp_status = status.HTTP_201_CREATED

        resp = {"user": serializer.get_serialized(user),

                "isnew": is_new}

        return Response(resp, status=resp_status)


In settings.py I have:



REST_FRAMEWORK = {

    'DEFAULT_PERMISSION_CLASSES': (

        'rest_framework.permissions.IsAuthenticated',

    ),

    'DEFAULT_AUTHENTICATION_CLASSES': (

        'rest_framework.authentication.SessionAuthentication',

        'rest_framework.authentication.TokenAuthentication',

        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    )

}





python django curl







share|improve this question
























  • where is the view that you are trying to get?
    – mohammed qudah
    Oct 25 '17 at 7:20










  • @mohammedqudah It's a view to register a new user. I've added it to my question.
    – zinon
    Oct 25 '17 at 7:22












  • In your curl command, your url does not look good as it contains :.
    – aquaman
    Oct 25 '17 at 8:03










  • @aquaman Yes, I want to have this character in my api.
    – zinon
    Oct 25 '17 at 8:04










  • Also if you are requesting https you should use something like curl -k ...
    – aquaman
    Oct 25 '17 at 8:07
















0














I'm trying to run an api using postman. My application is developed in django 1.11.6 using python 3.5.



My app is installed on an ubuntu server. I have no login mechanism to create a csrf token.



These are the steps that I follow:




  1. Click on "import" tab on the upper left side.

  2. Select the Raw Text option and paste my cURL command.

  3. Hit import and I have the command in your Postman builder

  4. Press send button.


My curl command is:



curl -i -H 'Accept: application/json; indent=4' -X POST  https://127.0.0.1/users/:register/ -d "id=111&firstname=zinonas&yearofbirth=2007&lastname=Antoniou&othernames="


The error I get is Forbidden (403) - CSRF verification failed. Request aborted.



When I run the curl command via cygwin, it's working properly.



This is the view function that I'm using:



class ApiUserRegister(APIView):

    permission_classes = ()

    serializer_class = RegisterUserSerializer



    def post(self, request):

        serializer = RegisterUserSerializer(data=request.data)

        # Check format and unique constraint

        serializer.is_valid(raise_exception=True)

        data = serializer.data



        if User.objects.filter(id=data['id']).exists():

            user = User.objects.get(id=data['id'])

            is_new = "false"

            resp_status = status.HTTP_200_OK

        else:

            user = User.objects.create(id=data['id'],

                                       firstname=data['firstname'],

                                       yearofbirth=data['yearofbirth'],

                                       lastname=data['lastname'],

                                       othernames=data['othernames'])

            user.save()

            is_new = "true"

            resp_status = status.HTTP_201_CREATED

        resp = {"user": serializer.get_serialized(user),

                "isnew": is_new}

        return Response(resp, status=resp_status)


In settings.py I have:



REST_FRAMEWORK = {

    'DEFAULT_PERMISSION_CLASSES': (

        'rest_framework.permissions.IsAuthenticated',

    ),

    'DEFAULT_AUTHENTICATION_CLASSES': (

        'rest_framework.authentication.SessionAuthentication',

        'rest_framework.authentication.TokenAuthentication',

        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    )

}





python django curl







share|improve this question
























  • where is the view that you are trying to get?
    – mohammed qudah
    Oct 25 '17 at 7:20










  • @mohammedqudah It's a view to register a new user. I've added it to my question.
    – zinon
    Oct 25 '17 at 7:22












  • In your curl command, your url does not look good as it contains :.
    – aquaman
    Oct 25 '17 at 8:03










  • @aquaman Yes, I want to have this character in my api.
    – zinon
    Oct 25 '17 at 8:04










  • Also if you are requesting https you should use something like curl -k ...
    – aquaman
    Oct 25 '17 at 8:07














0












0








0







I'm trying to run an api using postman. My application is developed in django 1.11.6 using python 3.5.



My app is installed on an ubuntu server. I have no login mechanism to create a csrf token.



These are the steps that I follow:




  1. Click on "import" tab on the upper left side.

  2. Select the Raw Text option and paste my cURL command.

  3. Hit import and I have the command in your Postman builder

  4. Press send button.


My curl command is:



curl -i -H 'Accept: application/json; indent=4' -X POST  https://127.0.0.1/users/:register/ -d "id=111&firstname=zinonas&yearofbirth=2007&lastname=Antoniou&othernames="


The error I get is Forbidden (403) - CSRF verification failed. Request aborted.



When I run the curl command via cygwin, it's working properly.



This is the view function that I'm using:



class ApiUserRegister(APIView):

    permission_classes = ()

    serializer_class = RegisterUserSerializer



    def post(self, request):

        serializer = RegisterUserSerializer(data=request.data)

        # Check format and unique constraint

        serializer.is_valid(raise_exception=True)

        data = serializer.data



        if User.objects.filter(id=data['id']).exists():

            user = User.objects.get(id=data['id'])

            is_new = "false"

            resp_status = status.HTTP_200_OK

        else:

            user = User.objects.create(id=data['id'],

                                       firstname=data['firstname'],

                                       yearofbirth=data['yearofbirth'],

                                       lastname=data['lastname'],

                                       othernames=data['othernames'])

            user.save()

            is_new = "true"

            resp_status = status.HTTP_201_CREATED

        resp = {"user": serializer.get_serialized(user),

                "isnew": is_new}

        return Response(resp, status=resp_status)


In settings.py I have:



REST_FRAMEWORK = {

    'DEFAULT_PERMISSION_CLASSES': (

        'rest_framework.permissions.IsAuthenticated',

    ),

    'DEFAULT_AUTHENTICATION_CLASSES': (

        'rest_framework.authentication.SessionAuthentication',

        'rest_framework.authentication.TokenAuthentication',

        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    )

}





python django curl







share|improve this question















I'm trying to run an api using postman. My application is developed in django 1.11.6 using python 3.5.



My app is installed on an ubuntu server. I have no login mechanism to create a csrf token.



These are the steps that I follow:




  1. Click on "import" tab on the upper left side.

  2. Select the Raw Text option and paste my cURL command.

  3. Hit import and I have the command in your Postman builder

  4. Press send button.


My curl command is:



curl -i -H 'Accept: application/json; indent=4' -X POST  https://127.0.0.1/users/:register/ -d "id=111&firstname=zinonas&yearofbirth=2007&lastname=Antoniou&othernames="


The error I get is Forbidden (403) - CSRF verification failed. Request aborted.



When I run the curl command via cygwin, it's working properly.



This is the view function that I'm using:



class ApiUserRegister(APIView):

    permission_classes = ()

    serializer_class = RegisterUserSerializer



    def post(self, request):

        serializer = RegisterUserSerializer(data=request.data)

        # Check format and unique constraint

        serializer.is_valid(raise_exception=True)

        data = serializer.data



        if User.objects.filter(id=data['id']).exists():

            user = User.objects.get(id=data['id'])

            is_new = "false"

            resp_status = status.HTTP_200_OK

        else:

            user = User.objects.create(id=data['id'],

                                       firstname=data['firstname'],

                                       yearofbirth=data['yearofbirth'],

                                       lastname=data['lastname'],

                                       othernames=data['othernames'])

            user.save()

            is_new = "true"

            resp_status = status.HTTP_201_CREATED

        resp = {"user": serializer.get_serialized(user),

                "isnew": is_new}

        return Response(resp, status=resp_status)


In settings.py I have:



REST_FRAMEWORK = {

    'DEFAULT_PERMISSION_CLASSES': (

        'rest_framework.permissions.IsAuthenticated',

    ),

    'DEFAULT_AUTHENTICATION_CLASSES': (

        'rest_framework.authentication.SessionAuthentication',

        'rest_framework.authentication.TokenAuthentication',

        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    )

}





python django curl




python django curl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 25 '17 at 13:43

























asked Oct 25 '17 at 7:16









zinon

1,48942964




1,48942964












  • where is the view that you are trying to get?
    – mohammed qudah
    Oct 25 '17 at 7:20










  • @mohammedqudah It's a view to register a new user. I've added it to my question.
    – zinon
    Oct 25 '17 at 7:22












  • In your curl command, your url does not look good as it contains :.
    – aquaman
    Oct 25 '17 at 8:03










  • @aquaman Yes, I want to have this character in my api.
    – zinon
    Oct 25 '17 at 8:04










  • Also if you are requesting https you should use something like curl -k ...
    – aquaman
    Oct 25 '17 at 8:07


















  • where is the view that you are trying to get?
    – mohammed qudah
    Oct 25 '17 at 7:20










  • @mohammedqudah It's a view to register a new user. I've added it to my question.
    – zinon
    Oct 25 '17 at 7:22












  • In your curl command, your url does not look good as it contains :.
    – aquaman
    Oct 25 '17 at 8:03










  • @aquaman Yes, I want to have this character in my api.
    – zinon
    Oct 25 '17 at 8:04










  • Also if you are requesting https you should use something like curl -k ...
    – aquaman
    Oct 25 '17 at 8:07
















where is the view that you are trying to get?
– mohammed qudah
Oct 25 '17 at 7:20




where is the view that you are trying to get?
– mohammed qudah
Oct 25 '17 at 7:20












@mohammedqudah It's a view to register a new user. I've added it to my question.
– zinon
Oct 25 '17 at 7:22






@mohammedqudah It's a view to register a new user. I've added it to my question.
– zinon
Oct 25 '17 at 7:22














In your curl command, your url does not look good as it contains :.
– aquaman
Oct 25 '17 at 8:03




In your curl command, your url does not look good as it contains :.
– aquaman
Oct 25 '17 at 8:03












@aquaman Yes, I want to have this character in my api.
– zinon
Oct 25 '17 at 8:04




@aquaman Yes, I want to have this character in my api.
– zinon
Oct 25 '17 at 8:04












Also if you are requesting https you should use something like curl -k ...
– aquaman
Oct 25 '17 at 8:07




Also if you are requesting https you should use something like curl -k ...
– aquaman
Oct 25 '17 at 8:07












4 Answers
4






active

oldest

votes


















1














To make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.



1st option



enter image description here



2nd option
enter image description here






share|improve this answer























  • I'm not using jQuery. I created an API to using via `android' app.
    – zinon
    Oct 25 '17 at 7:51










  • Can you please give me an example?
    – zinon
    Oct 25 '17 at 8:03










  • 1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
    – LennyLip
    Oct 25 '17 at 8:06








  • 1




    The answer does not address Postman, which is a key part of the question.
    – BrianHVB
    Nov 20 at 18:26










  • @BrianHVB Are you sure? Answer updated
    – LennyLip
    Nov 21 at 6:12



















0














update your class to be like this



from braces.views import CsrfExemptMixin

class your_class(CsrfExemptMixin, ......yours_here)

   def post(...):

       [....]


this will tell django to allow requests without csrf






share|improve this answer























  • Using this I get name 'csrf_exempt' is not defined error.
    – zinon
    Oct 25 '17 at 7:35










  • I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
    – zinon
    Oct 25 '17 at 7:41












  • No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
    – zinon
    Oct 25 '17 at 7:46












  • Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
    – zinon
    Oct 25 '17 at 7:50










  • Is braces a module that I can install using pip3?
    – zinon
    Oct 25 '17 at 7:56



















0














Try this.



from django.views.decorators.csrf import csrf_exempt

class ApiUserRegister(APIView):

permission_classes = ()

serializer_class = RegisterUserSerializer



    @csrf_exempt

    def post(self, request):

        serializer = RegisterUserSerializer(data=request.data)





share|improve this answer





















  • I tried it but forbidden 403 error remains.
    – zinon
    Oct 25 '17 at 13:25










  • Refer this. stackoverflow.com/questions/12174040/…
    – python_user
    Oct 27 '17 at 7:34












  • I'm not using any template.
    – zinon
    Oct 27 '17 at 7:38



















0














In urls file, try this:



urlpatterns = [

    url(r'^your_uri/', views.YourView.as_view()),

]


this will tell django to allow requests without csrf






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f46926227%2frun-django-api-from-postman-csrf-verification-failed%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    To make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.



    1st option



    enter image description here



    2nd option
    enter image description here






    share|improve this answer























    • I'm not using jQuery. I created an API to using via `android' app.
      – zinon
      Oct 25 '17 at 7:51










    • Can you please give me an example?
      – zinon
      Oct 25 '17 at 8:03










    • 1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
      – LennyLip
      Oct 25 '17 at 8:06








    • 1




      The answer does not address Postman, which is a key part of the question.
      – BrianHVB
      Nov 20 at 18:26










    • @BrianHVB Are you sure? Answer updated
      – LennyLip
      Nov 21 at 6:12
















    1














    To make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.



    1st option



    enter image description here



    2nd option
    enter image description here






    share|improve this answer























    • I'm not using jQuery. I created an API to using via `android' app.
      – zinon
      Oct 25 '17 at 7:51










    • Can you please give me an example?
      – zinon
      Oct 25 '17 at 8:03










    • 1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
      – LennyLip
      Oct 25 '17 at 8:06








    • 1




      The answer does not address Postman, which is a key part of the question.
      – BrianHVB
      Nov 20 at 18:26










    • @BrianHVB Are you sure? Answer updated
      – LennyLip
      Nov 21 at 6:12














    1












    1








    1






    To make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.



    1st option



    enter image description here



    2nd option
    enter image description here






    share|improve this answer














    To make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation.



    1st option



    enter image description here



    2nd option
    enter image description here







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 21 at 6:12

























    answered Oct 25 '17 at 7:32









    LennyLip

    457612




    457612












    • I'm not using jQuery. I created an API to using via `android' app.
      – zinon
      Oct 25 '17 at 7:51










    • Can you please give me an example?
      – zinon
      Oct 25 '17 at 8:03










    • 1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
      – LennyLip
      Oct 25 '17 at 8:06








    • 1




      The answer does not address Postman, which is a key part of the question.
      – BrianHVB
      Nov 20 at 18:26










    • @BrianHVB Are you sure? Answer updated
      – LennyLip
      Nov 21 at 6:12


















    • I'm not using jQuery. I created an API to using via `android' app.
      – zinon
      Oct 25 '17 at 7:51










    • Can you please give me an example?
      – zinon
      Oct 25 '17 at 8:03










    • 1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
      – LennyLip
      Oct 25 '17 at 8:06








    • 1




      The answer does not address Postman, which is a key part of the question.
      – BrianHVB
      Nov 20 at 18:26










    • @BrianHVB Are you sure? Answer updated
      – LennyLip
      Nov 21 at 6:12
















    I'm not using jQuery. I created an API to using via `android' app.
    – zinon
    Oct 25 '17 at 7:51




    I'm not using jQuery. I created an API to using via `android' app.
    – zinon
    Oct 25 '17 at 7:51












    Can you please give me an example?
    – zinon
    Oct 25 '17 at 8:03




    Can you please give me an example?
    – zinon
    Oct 25 '17 at 8:03












    1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
    – LennyLip
    Oct 25 '17 at 8:06






    1. get csrftoken cookie with safe GET query (view can use ensure_csrf_cookie decorator) 2. use csrftoken in new POST query
    – LennyLip
    Oct 25 '17 at 8:06






    1




    1




    The answer does not address Postman, which is a key part of the question.
    – BrianHVB
    Nov 20 at 18:26




    The answer does not address Postman, which is a key part of the question.
    – BrianHVB
    Nov 20 at 18:26












    @BrianHVB Are you sure? Answer updated
    – LennyLip
    Nov 21 at 6:12




    @BrianHVB Are you sure? Answer updated
    – LennyLip
    Nov 21 at 6:12













    0














    update your class to be like this



    from braces.views import CsrfExemptMixin
    
class your_class(CsrfExemptMixin, ......yours_here)
    
   def post(...):
    
       [....]


    this will tell django to allow requests without csrf






    share|improve this answer























    • Using this I get name 'csrf_exempt' is not defined error.
      – zinon
      Oct 25 '17 at 7:35










    • I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
      – zinon
      Oct 25 '17 at 7:41












    • No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
      – zinon
      Oct 25 '17 at 7:46












    • Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
      – zinon
      Oct 25 '17 at 7:50










    • Is braces a module that I can install using pip3?
      – zinon
      Oct 25 '17 at 7:56
















    0














    update your class to be like this



    from braces.views import CsrfExemptMixin
    
class your_class(CsrfExemptMixin, ......yours_here)
    
   def post(...):
    
       [....]


    this will tell django to allow requests without csrf






    share|improve this answer























    • Using this I get name 'csrf_exempt' is not defined error.
      – zinon
      Oct 25 '17 at 7:35










    • I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
      – zinon
      Oct 25 '17 at 7:41












    • No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
      – zinon
      Oct 25 '17 at 7:46












    • Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
      – zinon
      Oct 25 '17 at 7:50










    • Is braces a module that I can install using pip3?
      – zinon
      Oct 25 '17 at 7:56














    0












    0








    0






    update your class to be like this



    from braces.views import CsrfExemptMixin
    
class your_class(CsrfExemptMixin, ......yours_here)
    
   def post(...):
    
       [....]


    this will tell django to allow requests without csrf






    share|improve this answer














    update your class to be like this



    from braces.views import CsrfExemptMixin
    
class your_class(CsrfExemptMixin, ......yours_here)
    
   def post(...):
    
       [....]


    this will tell django to allow requests without csrf







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Oct 25 '17 at 7:55

























    answered Oct 25 '17 at 7:30









    mohammed qudah

    487313




    487313












    • Using this I get name 'csrf_exempt' is not defined error.
      – zinon
      Oct 25 '17 at 7:35










    • I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
      – zinon
      Oct 25 '17 at 7:41












    • No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
      – zinon
      Oct 25 '17 at 7:46












    • Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
      – zinon
      Oct 25 '17 at 7:50










    • Is braces a module that I can install using pip3?
      – zinon
      Oct 25 '17 at 7:56


















    • Using this I get name 'csrf_exempt' is not defined error.
      – zinon
      Oct 25 '17 at 7:35










    • I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
      – zinon
      Oct 25 '17 at 7:41












    • No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
      – zinon
      Oct 25 '17 at 7:46












    • Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
      – zinon
      Oct 25 '17 at 7:50










    • Is braces a module that I can install using pip3?
      – zinon
      Oct 25 '17 at 7:56
















    Using this I get name 'csrf_exempt' is not defined error.
    – zinon
    Oct 25 '17 at 7:35




    Using this I get name 'csrf_exempt' is not defined error.
    – zinon
    Oct 25 '17 at 7:35












    I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
    – zinon
    Oct 25 '17 at 7:41






    I get error 'function' object has no attribute 'as_view'.In urls.py I have this line: url(r':register/$', views.ApiUserRegister.as_view(), name='register-user')
    – zinon
    Oct 25 '17 at 7:41














    No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
    – zinon
    Oct 25 '17 at 7:46






    No I get the error The keyword argument "name" must be the name of a method of the decorated class: <class 'users.views.ApiUserRegister'>. Got '' instead
    – zinon
    Oct 25 '17 at 7:46














    Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
    – zinon
    Oct 25 '17 at 7:50




    Unfortunately, no. I set @method_decorator(csrf_exempt, name="post") and now I get once again Forbidden (403) CSRF verification failed. Request aborted.
    – zinon
    Oct 25 '17 at 7:50












    Is braces a module that I can install using pip3?
    – zinon
    Oct 25 '17 at 7:56




    Is braces a module that I can install using pip3?
    – zinon
    Oct 25 '17 at 7:56











    0














    Try this.



    from django.views.decorators.csrf import csrf_exempt
    
class ApiUserRegister(APIView):
    
permission_classes = ()
    
serializer_class = RegisterUserSerializer
    

    
    @csrf_exempt
    
    def post(self, request):
    
        serializer = RegisterUserSerializer(data=request.data)





    share|improve this answer





















    • I tried it but forbidden 403 error remains.
      – zinon
      Oct 25 '17 at 13:25










    • Refer this. stackoverflow.com/questions/12174040/…
      – python_user
      Oct 27 '17 at 7:34












    • I'm not using any template.
      – zinon
      Oct 27 '17 at 7:38
















    0














    Try this.



    from django.views.decorators.csrf import csrf_exempt
    
class ApiUserRegister(APIView):
    
permission_classes = ()
    
serializer_class = RegisterUserSerializer
    

    
    @csrf_exempt
    
    def post(self, request):
    
        serializer = RegisterUserSerializer(data=request.data)





    share|improve this answer





















    • I tried it but forbidden 403 error remains.
      – zinon
      Oct 25 '17 at 13:25










    • Refer this. stackoverflow.com/questions/12174040/…
      – python_user
      Oct 27 '17 at 7:34












    • I'm not using any template.
      – zinon
      Oct 27 '17 at 7:38














    0












    0








    0






    Try this.



    from django.views.decorators.csrf import csrf_exempt
    
class ApiUserRegister(APIView):
    
permission_classes = ()
    
serializer_class = RegisterUserSerializer
    

    
    @csrf_exempt
    
    def post(self, request):
    
        serializer = RegisterUserSerializer(data=request.data)





    share|improve this answer












    Try this.



    from django.views.decorators.csrf import csrf_exempt
    
class ApiUserRegister(APIView):
    
permission_classes = ()
    
serializer_class = RegisterUserSerializer
    

    
    @csrf_exempt
    
    def post(self, request):
    
        serializer = RegisterUserSerializer(data=request.data)






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Oct 25 '17 at 12:15









    python_user

    114




    114












    • I tried it but forbidden 403 error remains.
      – zinon
      Oct 25 '17 at 13:25










    • Refer this. stackoverflow.com/questions/12174040/…
      – python_user
      Oct 27 '17 at 7:34












    • I'm not using any template.
      – zinon
      Oct 27 '17 at 7:38


















    • I tried it but forbidden 403 error remains.
      – zinon
      Oct 25 '17 at 13:25










    • Refer this. stackoverflow.com/questions/12174040/…
      – python_user
      Oct 27 '17 at 7:34












    • I'm not using any template.
      – zinon
      Oct 27 '17 at 7:38
















    I tried it but forbidden 403 error remains.
    – zinon
    Oct 25 '17 at 13:25




    I tried it but forbidden 403 error remains.
    – zinon
    Oct 25 '17 at 13:25












    Refer this. stackoverflow.com/questions/12174040/…
    – python_user
    Oct 27 '17 at 7:34






    Refer this. stackoverflow.com/questions/12174040/…
    – python_user
    Oct 27 '17 at 7:34














    I'm not using any template.
    – zinon
    Oct 27 '17 at 7:38




    I'm not using any template.
    – zinon
    Oct 27 '17 at 7:38











    0














    In urls file, try this:



    urlpatterns = [
    
    url(r'^your_uri/', views.YourView.as_view()),
    
]


    this will tell django to allow requests without csrf






    share|improve this answer


























      0














      In urls file, try this:



      urlpatterns = [
      
    url(r'^your_uri/', views.YourView.as_view()),
      
]


      this will tell django to allow requests without csrf






      share|improve this answer
























        0












        0








        0






        In urls file, try this:



        urlpatterns = [
        
    url(r'^your_uri/', views.YourView.as_view()),
        
]


        this will tell django to allow requests without csrf






        share|improve this answer












        In urls file, try this:



        urlpatterns = [
        
    url(r'^your_uri/', views.YourView.as_view()),
        
]


        this will tell django to allow requests without csrf







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 10 at 10:38









        TrungVK

        1




        1






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f46926227%2frun-django-api-from-postman-csrf-verification-failed%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            To store a contact into the json file from server.js file using a class in NodeJS

            Image
            0 I have created three files -contactPresentation.js, contactService.js, contacts.json. I will run the contactService.js file. And it will navigate to contactPresentation.js file that will only choose an option to either add or display a file. If add(), then add the data into add of service file.And the data will be added to the contacts.json file . And if display(), then display the display() of service file. And the display will take the data from contacts.json file. However, i know my code is flawed. Please correct it . I am also getting an error - this.contacts.push(new ContactService(userName, contactNumber, emailId)); ^ TypeError: Cannot read property 'push' of undefined at ContactService.add (e:NodeJSProjectcontactManager2contactService.js:57:23) at new C
            Read more

            Redirect URL with Chrome Remote Debugging Android Devices

            Image
            1 How can i redirect an URL with Chrome Remote Debugging Android Devices? like Requestly Chrome extension on desktop. google-chrome debugging url redirect testing share | improve this question edited Nov 24 '18 at 8:16 sachinjain024 14.7k 23 73 129 asked Nov 23 '18 at 16:09 Momen Momen 91 10
            Read more

            Dieringhausen

            Image
            Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
            Read more