Try CSRF Exempt auth/token

2022-11-27 21:17:44 -07:00
parent 7653a1f0a5
commit 34edcd53cb
3 changed files with 18 additions and 2 deletions
--- a/one_trip/lib/api/consts.dart
+++ b/one_trip/lib/api/consts.dart
@@ -1,4 +1,4 @@
-// const String baseURL = "https://groceries.alaevens.ca";
-const String baseURL = "http://192.168.0.16:8000";
+const String baseURL = "https://groceries.alaevens.ca";
+// const String baseURL = "http://192.168.0.16:8000";

 const int resultsPerPage = 4;
--- a/one_trip_api/one_trip_api/settings/base.py
+++ b/one_trip_api/one_trip_api/settings/base.py
@@ -46,6 +46,7 @@ INSTALLED_APPS = [
 ]

 MIDDLEWARE = [
+    'users.middleware.ExemptCSRFMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
--- a/one_trip_api/users/middleware.py
+++ b/one_trip_api/users/middleware.py
@@ -0,0 +1,15 @@
+# https://stackoverflow.com/a/41728627/13538080
+
+from django.http import request
+
+class ExemptCSRFMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        
+        if request.path_info == "/auth/token":
+            setattr(request, '_dont_enforce_csrf_checks', True)
+
+        response = self.get_response(request)
+        return response