Skip to main content

Django Integration

Django add protection against Cross Site Request Forgery, by requiring the 'X-CSRFToken' header in requests.

Additionally Django's authentication uses cookies, so we need to send credentials fetch credentials. If you use an auth type other than the default 'django.contrib.auth', see authentication guide for more examples.

import { RestEndpoint } from '@data-client/rest';
import getCookie from './getCookie';

export default class DjangoEndpoint<
  O extends RestGenerics = any,
> extends RestEndpoint<O> {
  async getRequestInit(body: any): Promise<RequestInit> {
    return {
      ...(await super.getRequestInit(body)),
      credentials: 'same-origin',
  getHeaders(headers: HeadersInit) {
    if (this.method === 'GET') return headers;
    return {
      'X-CSRFToken': getCookie('csrftoken'),
import { MyResource } from './MyResource';
MyResource.get({ id: 1 });
GET /my/1
Content-Type: application/json
X-CSRFToken: xyz
Cookie: session=abc;
"id": "1",
"title": "this post"