1

I'm rather confused regarding the following error: "Forbidden (CSRF cookie not set.)". This error is received when attempting to log out, log in, or sign up.

The problem is similar to this post which was never answered: Django (DRF) & React - Forbidden (CSRF cookie not set)

I used axios and JWT for handling authentication. I have two git branches to track this error. On the master branch I have the original authentication setup. It works just fine, no errors. On a second branch (we'll call it branch2), I get the error specified above. The only difference between the two branches is that I ran the cmd django-admin startapp books. I then proceeded to set up the model, serialization, views, and urls for the books app on branch2. I also added it to the settings.py installed apps. Other than that, nothing has changed. Therefore the authentication process should remain the same.

React handles the looks of the website but the default Django IP is used for development: http://127.0.0.1:8000/. I run npm run build in order to update React's current build.

Book View (branch2)

# Book Imports
from rest_framework import generics

from .serializers import BookSerializer
from .models import BookModel

#####   Book API  #####

# A Complete List of ALL Projects
class ProjectListAPI(generics.ListAPIView):
    queryset = BookModel.objects.all()
    serializer_class = BookSerializer

Book Serialization

from rest_framework import serializers
from .models import BookModel

class BookSerializer(serializers.ModelSerializer):
    class Meta:
        model = BookModel
        fields = "__all__"

Book Urls

from django.urls import path

from .views import (BookListAPI, BookRetrieveUpdateApi)

urlpatterns = [
    path('book/list', BookListAPI.as_view(), name='book-list'),
]

While there are many similar issues posted on Stack Overflow regarding a CSRF cookie not set error, none seem to fix the error I am experiencing.

2
  • 1
    Can you share your REST_FRAMEWORK={...} from the settings.py? Commented Jul 19, 2021 at 5:08
  • 1
    REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_simplejwt.authentication.JWTAuthentication', ), } I have also tried it with "rest_framework.permissions.AllowAny" as the default permission class. It gave the error "CSRF token missing or incorrect". Commented Jul 21, 2021 at 0:50

1 Answer

0

I just experienced a situation where some PUT routes of my app worked, while others showed this csrf not set error. I found that if the pk was put at the end of the endpoint, in my case it could only be a GET request. This fixed it. This finding is anecdotal. I switched from /comment/edit/ to /comment//edit
