From cee6823ec006407671838a4b68ea423627fc5602 Mon Sep 17 00:00:00 2001 From: jeffrey k eliasen Date: Sat, 22 Sep 2018 15:24:28 -1000 Subject: [PATCH] update docs regarding coreapi with session-CSRF --- docs/topics/api-clients.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/topics/api-clients.md b/docs/topics/api-clients.md index ec0b4272c..23e63a267 100644 --- a/docs/topics/api-clients.md +++ b/docs/topics/api-clients.md @@ -428,6 +428,9 @@ the user to login, and then instantiate a client using session authentication: The authentication scheme will handle including a CSRF header in any outgoing requests for unsafe HTTP methods. +** Note: ** This mechanism does not work when used in conjunction with +`CSRF_USE_SESSIONS = True` in your Django settings. + #### Token authentication The `TokenAuthentication` class can be used to support REST framework's built-in