i need help with Django Rest and Social Auth.... I have one view with the next structure...
class ObtainAuthTokenFacebook(APIView):
parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
renderer_classes = (renderers.JSONRenderer,)
serializer_class = AuthTokenSerializer
def post(self, request, backend):
serializer = self.serializer_class(data=request.DATA)
user = register_by_access_token(request, backend)
And this is me fucntion to login....
from django.contrib.auth import login
@psa('social:complete')
def register_by_access_token(request, backend, *args, **kwargs):
access_token = request.data.get('token')
user = request.backend.do_auth(access_token)
if user:
login(request, user)
return user
else:
return 'ERROR'
when in my view a send the response.... my front end recieve this...
HTTP/1.0 200 OK
Date: Fri, 07 Aug 2015 18:53:31 GMT
Server: WSGIServer/0.1 Python/2.7.9
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Allow: POST, OPTIONS
Set-Cookie: csrftoken=PZHraHwhFsog2eT6n5psckJBfFEPmPQR; expires=Fri, 05-Aug-2016 18:53:31 GMT; Max-Age=31449600; Path=/
Set-Cookie: sessionid=nhxbh9slhw3pw887necskqfohczkzxo3; expires=Fri, 21-Aug-2015 18:53:31 GMT; httponly; Max-Age=1209600; Path=/
But.... i this moments i working with ios and ios save the cookies of the first request... , and when i send the same request the cookies paste in my headers .... the server respond with one 403....This is because the code have structure like this, where my request send the csrftoken and one sessionid..
And when the request arrive to the server , this refuse this request...
How i manager the csrf token in my backend....to avoid reject future requests.....
