Django Rest Framework – Why am I getting a CSRF cookie not set on only one URL when there is NO difference from the other forms
Question:
I have this URL for someone to rate an opportunity:
path("opportunities/rate/", RateOpportunity.as_view),
I am using a Vue application to make a post request and all the other forms on the site work fine and I can make the requests and post content but this specific endpoint gives me a CSRF cookie not set error. There is no difference between this form and the other forms.
This is the view I am using:
class RateOpportunity(generics.CreateAPIView):
permission_classes = [permissions.IsAuthenticated]
serializer_class = OpportunityRateSerializer
name = "rate-opportunity"
def get_queryset(self):
id = self.kwargs["pk"]
return Opportunity.objects.all().filter(opportunity=id)
Why am I getting this error only on this endpoint and not any one of the others?
Answers:
first of all – you need to call method as_view in your path.
secondly. As I know CreateAPIView do not using get_queryset method at all, so you can remove it.
In your frontend framework when you send request to backend – do you add something like withCredentials = true;. idk I am not frontender.
But cookie is only browser feature, so make sure that cookie is setted
I have this URL for someone to rate an opportunity:
path("opportunities/rate/", RateOpportunity.as_view),
I am using a Vue application to make a post request and all the other forms on the site work fine and I can make the requests and post content but this specific endpoint gives me a CSRF cookie not set error. There is no difference between this form and the other forms.
This is the view I am using:
class RateOpportunity(generics.CreateAPIView):
permission_classes = [permissions.IsAuthenticated]
serializer_class = OpportunityRateSerializer
name = "rate-opportunity"
def get_queryset(self):
id = self.kwargs["pk"]
return Opportunity.objects.all().filter(opportunity=id)
Why am I getting this error only on this endpoint and not any one of the others?
first of all – you need to call method as_view in your path.
secondly. As I know CreateAPIView do not using get_queryset method at all, so you can remove it.
In your frontend framework when you send request to backend – do you add something like withCredentials = true;. idk I am not frontender.
But cookie is only browser feature, so make sure that cookie is setted