graphql-python/graphene-django
1
1
Fork 0
mirror of https://github.com/graphql-python/graphene-django.git synced 2024-11-22 09:37:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add information on how to deal with CSRF protection (#838)

Browse Source
This commit is contained in:
Jonathan Kim 2020-01-11 14:49:17 +01:00 committed by GitHub
parent b8a2d5953a
commit de87573e0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docs/installation.rst
View File

@ -66,4 +66,26 @@ The most basic ``schema.py`` looks like this:
schema = graphene.Schema(query=Query) schema = graphene.Schema(query=Query)
To learn how to extend the schema object for your project, read the basic tutorial. To learn how to extend the schema object for your project, read the basic tutorial.
CSRF exempt
-----------
If have enabled `CSRF protection <https://docs.djangoproject.com/en/3.0/ref/csrf/>`_ in your Django app
you will find that it prevents your API clients from POSTing to the ``graphql`` endpoint. You can either
update your API client to pass the CSRF token with each request (the Django docs have a guide on how to do that: https://docs.djangoproject.com/en/3.0/ref/csrf/#ajax) or you can exempt your Graphql endpoint from CSRF protection by wrapping the ``GraphQLView`` with the ``csrf_exempt``
decorator:
.. code:: python
# urls.py
from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from graphene_django.views import GraphQLView
urlpatterns = [
# ...
path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True))),
]