mirror of
https://github.com/graphql-python/graphene-django.git
synced 2024-11-25 19:14:11 +03:00
Add information on how to deal with CSRF protection (#838)
This commit is contained in:
parent
b8a2d5953a
commit
de87573e0c
|
@ -67,3 +67,25 @@ The most basic ``schema.py`` looks like this:
|
|||
|
||||
|
||||
To learn how to extend the schema object for your project, read the basic tutorial.
|
||||
|
||||
CSRF exempt
|
||||
-----------
|
||||
|
||||
If have enabled `CSRF protection <https://docs.djangoproject.com/en/3.0/ref/csrf/>`_ in your Django app
|
||||
you will find that it prevents your API clients from POSTing to the ``graphql`` endpoint. You can either
|
||||
update your API client to pass the CSRF token with each request (the Django docs have a guide on how to do that: https://docs.djangoproject.com/en/3.0/ref/csrf/#ajax) or you can exempt your Graphql endpoint from CSRF protection by wrapping the ``GraphQLView`` with the ``csrf_exempt``
|
||||
decorator:
|
||||
|
||||
.. code:: python
|
||||
|
||||
# urls.py
|
||||
|
||||
from django.urls import path
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from graphene_django.views import GraphQLView
|
||||
|
||||
urlpatterns = [
|
||||
# ...
|
||||
path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True))),
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue
Block a user