mirror of
https://github.com/graphql-python/graphene-django.git
synced 2024-11-26 03:24:07 +03:00
Add information on how to deal with CSRF protection (#838)
This commit is contained in:
parent
b8a2d5953a
commit
de87573e0c
|
@ -67,3 +67,25 @@ The most basic ``schema.py`` looks like this:
|
||||||
|
|
||||||
|
|
||||||
To learn how to extend the schema object for your project, read the basic tutorial.
|
To learn how to extend the schema object for your project, read the basic tutorial.
|
||||||
|
|
||||||
|
CSRF exempt
|
||||||
|
-----------
|
||||||
|
|
||||||
|
If have enabled `CSRF protection <https://docs.djangoproject.com/en/3.0/ref/csrf/>`_ in your Django app
|
||||||
|
you will find that it prevents your API clients from POSTing to the ``graphql`` endpoint. You can either
|
||||||
|
update your API client to pass the CSRF token with each request (the Django docs have a guide on how to do that: https://docs.djangoproject.com/en/3.0/ref/csrf/#ajax) or you can exempt your Graphql endpoint from CSRF protection by wrapping the ``GraphQLView`` with the ``csrf_exempt``
|
||||||
|
decorator:
|
||||||
|
|
||||||
|
.. code:: python
|
||||||
|
|
||||||
|
# urls.py
|
||||||
|
|
||||||
|
from django.urls import path
|
||||||
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
|
||||||
|
from graphene_django.views import GraphQLView
|
||||||
|
|
||||||
|
urlpatterns = [
|
||||||
|
# ...
|
||||||
|
path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True))),
|
||||||
|
]
|
||||||
|
|
Loading…
Reference in New Issue
Block a user