django 已取消csrf 验证 报错 "detail": "CSRF Failed: CSRF cookie not set."

使用apizza 做API文档  请求接口报错

 

apizza 请求时 会加上csrf  

但是django的session验证 还会验证CSRF

去掉SessionAuthentication的验证后ok 

 

class SessionAuthentication(BaseAuthentication):
    """
    Use Django's session framework for authentication.
    """

    def authenticate(self, request):
        """
        Returns a `User` if the request session currently has a logged in user.
        Otherwise returns `None`.
        """

        # Get the session-based user from the underlying HttpRequest object
        user = getattr(request._request, 'user', None)

        # Unauthenticated, CSRF validation not required
        if not user or not user.is_active:
            return None

        self.enforce_csrf(request)

        # CSRF passed with authenticated user
        return (user, None)

你可能感兴趣的:(django)