Django receiving json post request from external source
Question:
I have written a view function that processes a POST request containing JSON data from a source outside of Django (LabVIEW). I’m just testing it to begin with, so it looks like this:
    from django.http import HttpResponse

    def post_entry(request):
        '''Process incoming json string
        '''
        if request.method == 'POST':
            post_data = request.body
        # Return a response
        return HttpResponse('data received OK')
I’ve written a test to test this and it passes fine:
    def test_post_entry_view_good_post_data(self):
        '''post_entry view should return a 200 status if valid
        '''
        data = {'DHTP Data': ['10', '50.296', '50.94', '50.418', '50.425', '50.431', '50.94'],
                'Test String': 'My Test String'}
        request_url = reverse('post_entry')
        response = self.client.post(request_url, content_type='application/json',
                                    data=dumps(data))
        # Should return a 200 response indicating ok
        self.assertEqual(response.status_code, 200)
But when LabVIEW posts the data, post_entry returns a 403 Forbidden error. I guess this is due to no CSRF token being present, but why does the test pass in this case?
Answers:
The test client works around the CSRF functionality. See https://docs.djangoproject.com/en/1.9/ref/csrf/#testing
If you are going to have a view that accepts post data from a source external to your app you need to make your view exempt from CSRF protection by using csrf_exempt:
    from django.views.decorators.csrf import csrf_exempt

    @csrf_exempt
    def post_entry(request):
        '''Process incoming json string
        '''
If you are going to do this, you should use some other method of validating the request.
If your view is supposed to accept POST from external sources it is upon you to validate the request as every POST request is required to have a CSRF token (Refer: CSRF). Hence, for your purpose, you’ll have to exempt the view from CSRF validation using the @csrf_exempt decorator and write your own validation for the request using something like Token Authentication.
Use this line to get the decorator needed to bypass CSRF protection:
    from django.views.decorators.csrf import csrf_exempt
Then put the @csrf_exempt decorator on the line before your function.
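The answers above recommend pairing @csrf_exempt with your own request validation, such as token authentication. One way to do that check is shown below as an added example, not code from the original posts. The "Token <key>" Authorization header format, the body size limit and the LABVIEW_API_TOKEN setting name are assumptions.

```python
import hmac
import json

MAX_BODY_BYTES = 64 * 1024  # assumed limit; size it to your LabVIEW payloads


def check_token(auth_header, expected_token):
    """Return True only for a header of the form 'Token <expected_token>'."""
    scheme, _, presented = (auth_header or "").partition(" ")
    if scheme != "Token" or not presented:
        return False
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a guess were correct.
    return hmac.compare_digest(presented.encode(), expected_token.encode())


def validate_post(method, auth_header, body, expected_token):
    """Return (status_code, payload_or_error) for one incoming request."""
    if method != "POST":
        return 405, "POST only"
    if not check_token(auth_header, expected_token):
        return 401, "missing or invalid token"
    if len(body) > MAX_BODY_BYTES:
        return 413, "body too large"
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, "body is not valid JSON"
    if not isinstance(payload, dict):
        return 400, "expected a JSON object"
    return 200, payload


# Wiring into the csrf_exempt view (comments only: it needs a Django project):
#
#   @csrf_exempt
#   def post_entry(request):
#       status, result = validate_post(
#           request.method, request.META.get("HTTP_AUTHORIZATION"),
#           request.body, settings.LABVIEW_API_TOKEN)  # hypothetical setting
#       if status != 200:
#           return HttpResponse(result, status=status)
#       return HttpResponse("data received OK")
```

Keep the shared token out of source control and send it only over HTTPS, since anyone who can read it can post to the exempted view.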