Django Integration
Cookie Auth + CSRF
Django adds protection against Cross Site Request Forgery by requiring the 'X-CSRFToken' header in requests.
Additionally, Django's authentication uses cookies, so we need to send fetch credentials. If you use an auth type other than the default 'django.contrib.auth', see the authentication guide for more examples.
DjangoEndpoint
```typescript
import { RestEndpoint, RestGenerics } from '@data-client/rest';
import getCookie from './getCookie';

export default class DjangoEndpoint<
  O extends RestGenerics = any,
> extends RestEndpoint<O> {
  // Send cookies (including Django's session cookie) on same-origin requests.
  async getRequestInit(body: any): Promise<RequestInit> {
    return {
      ...(await super.getRequestInit(body)),
      credentials: 'same-origin',
    };
  }

  // Attach the CSRF token from the 'csrftoken' cookie to every non-GET request.
  getHeaders(headers: HeadersInit) {
    if (this.method === 'GET') return headers;
    return {
      ...headers,
      'X-CSRFToken': getCookie('csrftoken'),
    };
  }
}
```
```typescript
import { MyResource } from './MyResource';

MyResource.get({ id: 1 });
```
Request
GET /my/1
Content-Type: application/json
X-CSRFToken: xyz
Cookie: session=abc;
Response 200
{
"id": "1",
"title": "this post"
}
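
The `getCookie` helper imported by `DjangoEndpoint` is not shown on this page. The following is an added example (not Data Client's or Django's own code) of one way to write it, with a hypothetical `withCsrf` function that goes beyond the `GET` check in `getHeaders`: it skips all four methods Django's CSRF middleware exempts and omits the header when the cookie is absent. The `source` and `cookieSource` parameters are assumptions added so the logic can run outside a browser.

```typescript
// Added example: one possible getCookie, plus a hypothetical withCsrf helper.
// Methods Django's CsrfViewMiddleware lets through without a token.
const CSRF_SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Return the value of cookie `name` from a "a=1; b=2" string, or null.
// `source` (an assumption, for testability) defaults to document.cookie.
function getCookie(
  name: string,
  source: string = (globalThis as any).document?.cookie ?? '',
): string | null {
  for (const part of source.split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    // Compare the whole name so "xcsrftoken" never matches "csrftoken".
    if (pair.slice(0, eq) !== name) continue;
    const raw = pair.slice(eq + 1);
    try {
      return decodeURIComponent(raw);
    } catch {
      return raw; // malformed percent-escape: fall back to the raw value
    }
  }
  return null;
}

// Same decision getHeaders() makes, as a plain function (hypothetical name).
function withCsrf(
  method: string,
  headers: Record<string, string>,
  cookieSource?: string,
): Record<string, string> {
  if (CSRF_SAFE_METHODS.has(method.toUpperCase())) return headers;
  const token = getCookie('csrftoken', cookieSource);
  // Cookie not set yet: send no header instead of the string "null".
  // Django's CSRF check then rejects the request with a 403.
  if (token === null) return headers;
  return { ...headers, 'X-CSRFToken': token };
}
```

If Django is configured with `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS`, script cannot read the token from a cookie and it has to be taken from the rendered page instead.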