DEV Community

Ayoola Tosin
Ayoola Tosin

Posted on

CSRF verification failed. Request aborted. in django rest framework

halo i'm working on a project, using drf, but i'm getting CSRF verification failed. Request aborted at first everything was working, but now when i test my api i keep keep getting,CSRF verification failed below is my setting & view codes

settings file

REST_FRAMEWORK = {

    DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication
   ),

    'DATE_INPUT_FORMATS': [("%Y-%m-%d")],
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated'
    ),

    'DEFAULT_PARSER_CLASSES': (
        'rest_framework.parsers.JSONParser',
        'rest_framework.parsers.FormParser',
        'rest_framework.parsers.MultiPartParser',
    ),
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 100

}
Enter fullscreen mode Exit fullscreen mode

views

class createProfileView(generics.CreateAPIView):
    queryset = UserProfile.objects.all()
    serializer_class   = UserProfileSerializer
    permission_classes= [permissions.IsAuthenticated]
    parser_classes = (MultiPartParser, FormParser)

    def create(self,request, *args, **kwargs):
        serializer = self.get_serializer(
            data=request.data, instance = request.user.user_profile 
        )
        serializer.is_valid(raise_exception=True)
        self.perform_create(serializer)
        headers = self.get_success_headers(serializer.data)
        res  = {
            'msg' : 'Profile successfully created',
            'status':status.HTTP_201_CREATED,
            'headers': headers,
            'data': serializer.data,

        }
        return Response(res)

    def perform_create(self, serializer):
        serializer.save(user=self.request.user)
Enter fullscreen mode Exit fullscreen mode

can anyone help

Top comments (1)

Collapse
 
sameerahmed123 profile image
sameer-ahmed123 • Edited

hi , csrf verification is Djangos built in security measure , it mostly occurs when there is missing CSRFtoken inside a form .
I suggest you take a look at the templates in your app and add any CSRFtoken that is missing , it will most likely solve your problem

a dango form should look like :

CSRF token