
I am building a website using Django and Angular 2.

When I submit the login form I created, Django shows an error:

forbidden (CSRF token missing or incorrect.)

I know Django wants me to add a CSRF token, but I don't know how.

UPDATE this is user.service.ts :

import { Injectable } from '@angular/core';
import { Http, Headers } from '@angular/http';

/**
 * Tracks whether the browser holds an auth token and posts login credentials
 * to the backend.
 */
@Injectable()
export class UserService {
  // Set from localStorage in the constructor and cleared by logout().
  // login() does not update it while the token-storing lines stay commented out.
  private loggedIn = false;

  constructor(private http: Http) {
    const storedToken = localStorage.getItem('auth_token');
    this.loggedIn = !!storedToken;
  }

  /**
   * POSTs the credentials as JSON to '/accounts/login'.
   *
   * NOTE(review): no CSRF header is attached to this request. Django's CSRF
   * check answers 403 ("CSRF token missing or incorrect") unless the value of
   * the `csrftoken` cookie is sent back in the `X-CSRFToken` header.
   * @angular/http can do this for every request when its XSRFStrategy is
   * provided as a CookieXSRFStrategy built with those two names.
   *
   * @returns an observable of the `success` field of the JSON response
   */
  login(email: string, password: string) {
    const headers = new Headers();
    headers.append('Content-Type', 'application/json');
    const body = JSON.stringify({ email, password });

    return this.http
      .post('/accounts/login', body, { headers })
      .map(res => res.json())
      .map((payload) => {
        if (payload.success) {
          // Token persistence is switched off here. If it is re-enabled, note
          // that localStorage is readable by every script on the origin, so an
          // XSS bug would expose the token.
          /* localStorage.setItem('auth_token', payload.auth_token);
          this.loggedIn = true; */
          // NOTE(review): this logs the whole login response, which would
          // include auth_token if the backend returns one.
          console.log(payload);
        }

        return payload.success;
      });
  }

  /** Drops the stored token and marks the user as logged out. */
  logout() {
    localStorage.removeItem('auth_token');
    this.loggedIn = false;
  }

  /** Reports the cached login flag; it is not re-read from localStorage. */
  isLoggedIn() {
    return this.loggedIn;
  }
}

login.component.ts :

 // login.component.ts
   import { Component } from '@angular/core';
   import { Router } from '@angular/router';

   import { UserService } from './user.service';

   /**
    * Login form component: hands the submitted credentials to UserService and
    * navigates to the root route when the login observable emits a truthy value.
    */
   @Component({
     selector: 'login',
     template: `...`
   })
   export class LoginComponent {
     constructor(private userService: UserService, private router: Router) {}

     /** Called with the values of the login form's email and password fields. */
     onSubmit(email, password) {
       const login$ = this.userService.login(email, password);

       login$.subscribe((succeeded) => {
         // A falsy result leaves the user on the login page; no error is shown.
         if (!succeeded) {
           return;
         }
         this.router.navigate(['']);
       });
     }
   }
  • not enough code to represent the problem Commented Sep 13, 2016 at 10:23
  • See docs.djangoproject.com/en/1.10/ref/csrf/#ajax as it should help. Once you take the value send it as extra headers as shown by Sebastian. Commented Sep 13, 2016 at 13:27

1 Answer 1

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def your_view(request):
    """Placeholder view with Django's CSRF check switched off.

    NOTE(review): csrf_exempt removes CSRF validation for this view entirely.
    On a login endpoint that leaves the form open to login CSRF, so it is
    better kept for endpoints that do not rely on cookie-based sessions;
    sending the token from the client keeps the protection in place.
    """
    return None

Or, if you want to keep CSRF protection, send the token from your Angular code:

// AngularJS 1.x only: $httpProvider is injected into a module's .config()
// block. Angular 2 (@angular/http, as used in the question) has no
// $httpProvider, so these two lines cannot be pasted into that code as-is.
// 'csrftoken' is the cookie Django sets by default ...
$httpProvider.defaults.xsrfCookieName = 'csrftoken';
// ... and 'X-CSRFToken' is the request header Django reads the token from.
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';

2 Comments

if i use @csrf_exempt then DJANGO shows error message : Forbidden (CSRF cookie not set.): /accounts/login, front end show error message : Response with status: 403 Forbidden for URL: localhost:8000/accounts/login
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; $httpProvider.defaults.xsrfCookieName = 'csrftoken'; I don't know how can use it, where I can place it into file code !????
