Tags: django, django-rest-framework, csrf, django-csrf, csrf-token

CSRF Verification Failing


For my register and login views, I get this error

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

when I try accessing the endpoints. I can avoid this by adding a csrf_exempt decorator, but I'm worried about the security implications behind making a POST request csrf-exempt. My register endpoint specifically will write a verification code to my database (which the user has to enter to verify their email). Is there any way around this?

I'm confused since to get a csrf token, I have to first call login(), but how can I access the login endpoint without a csrf token?


Solution

  • I created an endpoint that lets me generate a csrf token on demand which I first call before any of my login/register endpoints.

    from django.http import JsonResponse
    from django.middleware.csrf import get_token
    from django.views.decorators.csrf import ensure_csrf_cookie
    
    @ensure_csrf_cookie  # force the csrftoken cookie to be set on this response
    def get_csrf_token(request):
        # get_token() lives in django.middleware.csrf, not in the decorators module.
        # It works on any view, including unprotected GET views, so the client can
        # fetch a token before it ever calls login or register.
        csrf_token = get_token(request)
        return JsonResponse({'csrf_token': csrf_token})
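To see why fetching a token first is enough, and why a `csrf_exempt` register view is the dangerous shortcut, here is an added, stdlib-only model of the flow the answer describes. It is not code from the question, the answer or Django itself; it reproduces Django's token masking scheme (a 32-character cookie secret, a 64-character masked token, compared after unmasking) so the GET /csrf then POST /login sequence can be traced offline. The `Server` class, the endpoint names, the in-memory cookie jar and the `browser_flow`/`cross_site_flow` helpers are assumptions made for the example.

```python
"""Added example (not from the question, the answer or Django): a
stdlib-only model of Django's double-submit CSRF check behind the
get_csrf_token view, so the login/register calls can be traced without a
running Django server. Masking follows Django's scheme (mask + shifted
secret); Server, the endpoint names and the flows are assumed for the demo.
"""
import hmac
import secrets
import string

CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def new_csrf_secret():
    """The per-session secret that ends up in the csrftoken cookie."""
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS)
                   for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret):
    """Return mask + (secret shifted by mask). Every call yields a different
    token that unmasks to the same secret, so tokens in responses differ."""
    mask = new_csrf_secret()
    chars = CSRF_ALLOWED_CHARS
    cipher = "".join(chars[(chars.index(s) + chars.index(m)) % len(chars)]
                     for s, m in zip(secret, mask))
    return mask + cipher


def unmask_token(token):
    """Inverse of mask_secret: recover the secret from a 64-char token."""
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    chars = CSRF_ALLOWED_CHARS
    return "".join(chars[(chars.index(c) - chars.index(m)) % len(chars)]
                   for c, m in zip(cipher, mask))


class Server:
    """Assumed model of two endpoints: GET /csrf (ensure_csrf_cookie +
    get_token) and POST /login (guarded by the CSRF middleware)."""

    def get_csrf(self, cookies):
        # Reuse the existing cookie secret or mint one; hand back a masked token.
        secret = cookies.get("csrftoken") or new_csrf_secret()
        return {"csrftoken": secret}, mask_secret(secret)

    def check_csrf(self, method, cookies, headers):
        # Mirrors the middleware's order of checks for unsafe methods.
        if method in SAFE_METHODS:
            return True, "safe method"
        cookie_secret = cookies.get("csrftoken")
        if cookie_secret is None:
            return False, "CSRF cookie not set"
        token = headers.get("X-CSRFToken", "")
        if (len(token) != CSRF_TOKEN_LENGTH
                or any(c not in CSRF_ALLOWED_CHARS for c in token)):
            return False, "CSRF token missing or incorrect"
        # Constant-time compare of the unmasked header token with the cookie.
        if not hmac.compare_digest(unmask_token(token), cookie_secret):
            return False, "CSRF token missing or incorrect"
        return True, "ok"

    def login(self, cookies, headers):
        ok, reason = self.check_csrf("POST", cookies, headers)
        return (200, "logged in") if ok else (403, reason)


def browser_flow(server):
    """What the front end should do: call /csrf first, then /login with the
    cookie (sent automatically) plus the same token in X-CSRFToken."""
    jar = {}
    set_cookie, token = server.get_csrf(jar)
    jar.update(set_cookie)
    return server.login(jar, {"X-CSRFToken": token})


def cross_site_flow(server):
    """A forged POST from another origin: the victim's browser attaches the
    cookie, but the attacker cannot read it, so any header value is a guess."""
    jar = {}
    set_cookie, _ = server.get_csrf(jar)
    jar.update(set_cookie)                           # victim already has cookie
    attacker_token = mask_secret(new_csrf_secret())  # attacker's own secret
    return server.login(jar, {"X-CSRFToken": attacker_token})


if __name__ == "__main__":
    print(browser_flow(Server()))      # (200, 'logged in')
    print(cross_site_flow(Server()))   # (403, 'CSRF token missing or incorrect')
```

Two practical notes for the real Django setup: the browser must send the token back in the `X-CSRFToken` header (or the `csrfmiddlewaretoken` form field), and because `django.contrib.auth.login()` calls `rotate_token()`, the front end should re-read the token after a successful login rather than keep using the one it fetched before.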