Django server login authorization: CSRF failed

Hi,
I’m trying to implement a user login system based on a token. In browser mode (Chrome) it works alright (HTTP POST request to the Django server -> response with the valid token), but from my Android device I’m getting an error:

CSRF failed: Referer checking failed - no Referer. Status 403 Forbidden.

Any suggestions?

Cordova CLI: 6.3.1
Gulp version: CLI version 3.9.1
Gulp local: Local version 3.9.1
Ionic Framework Version: 2.0.0-beta.11
Ionic CLI Version: 2.0.0-beta.36
Ionic App Lib Version: 2.0.0-beta.19
OS: Windows 7 SP1
Node Version: v4.5.0

Since I’ve updated to the 2.0.0 Ionic CLI I have had some problems with both emulate and on my device. Not sure why, and I tried downgrading again to 1.1.76 but with no success.

Can I see how you’ve set up the HTTP call?

Thanks for the clue, here is my login method in the ‘api’ provider:

headers: Headers = new Headers({
    'Content-Type': 'application/json',
    Accept: 'application/json'
});

login(creds: any): Observable<any> {
    let body = JSON.stringify(creds);
    let options = new RequestOptions({ headers: this.headers });
    return this.http.post(this.url, body, options)
        .map(this.checkForError)
        .catch(err => Observable.throw(err))
        .map(this.getJson);
}

Calling method:

onSubmit(model: IFormLogin, isValid: boolean) {
    this.submitted = true;
    if (isValid) {
        this.api.login(model)
            .subscribe(
                response => this.onSuccess(response),
                error => this.onFailure(error)
            );
    }
}

Looks good, I think. Maybe you need to set a content-type, like:

form-data, x-www-form-urlencoded, raw or another? Not sure if that will help.

The same error :frowning:

It’s very strange, because when I deploy the app to the emulator everything works fine - I can login without any errors.

Is there a Referer header when you deploy it in the emulator? Because that’s what you need if I read the error correctly. You can check it with the Chrome remote debugging tools.

Hi, thanks for the tip, but unfortunately I can’t re-login from the emulator as well. There is the same error:

{"detail":"CSRF Failed: Referer checking failed - no Referer."}

Screen from the dev inspector:

In the request headers there is no ‘Referer’; referer = null while checking in the CSRF validation function (probably CsrfViewMiddleware), so it must be rejected.

I suppose the only way my app could pass the validation process is to change something on the server side :frowning:

You need to disable the CSRF check; it’s not for APIs. You can use JWT tokens for Django and DRF.

Yep, I’ve sent a request to the backend. Thanks guys for the help!
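
The distinction drawn in the last answer, as an added example that is not part of the original thread and is not Django or DRF source code: a simplified, stdlib-only Python model of cookie-session authentication with a Referer check on HTTPS POSTs, beside header-token authentication. The host, session and token values and the second rejection string are constructed, and an opaque token lookup stands in for JWT verification.

```python
# Simplified model, not Django/DRF source; all sample values are constructed.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
SESSIONS = {"constructed-session-abc": "alice"}
TOKENS = {"constructed-token-123": "alice"}

def referer_check(request):
    """Return a rejection reason for an unsafe HTTPS request, or None."""
    if request["method"] in SAFE_METHODS or not request["secure"]:
        return None
    referer = request["headers"].get("Referer")
    if referer is None:
        return "Referer checking failed - no Referer."
    if not referer.startswith("https://" + request["host"] + "/"):
        return "Referer checking failed - origin not trusted."  # model wording
    return None


def session_auth(request):
    """Cookie auth: CSRF is enforced once the session identifies a user."""
    user = SESSIONS.get(request["cookies"].get("sessionid"))
    if user is None:
        return None  # anonymous request: let the next scheme try
    reason = referer_check(request)
    if reason:
        raise PermissionError("CSRF Failed: " + reason)
    return user


def token_auth(request):
    """Header auth: credential is attached explicitly, no CSRF check."""
    scheme, _, key = request["headers"].get("Authorization", "").partition(" ")
    return TOKENS.get(key) if scheme == "Token" else None


def handle(request, schemes):
    """Try each scheme in order and return (status, user_or_reason)."""
    try:
        for scheme in schemes:
            user = scheme(request)
            if user:
                return 200, user
    except PermissionError as exc:
        return 403, str(exc)
    return 401, None


def post(headers=None, cookies=None):
    """Build a constructed HTTPS POST request for the model."""
    return {"method": "POST", "secure": True, "host": "api.example.test",
            "headers": headers or {}, "cookies": cookies or {}}
```

In this model, a request that carries both the session cookie and the token is still rejected when session authentication is tried first, so the API either drops cookie authentication or the client must not send the cookie.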