Re: Proposal: Make CSRF token validation for other HTTP Methods (PUT, PATCH, DELETE) The Same as POST

Thanks, Tom Christie. Now i understand why. On Saturday, May 6, 2017 at 11:49:57 PM UTC+1, Osaetin Daniel wrote: > > I came across this issue, because i'm building a SPA with Vue and Django > Rest Framework as the backend. > > I'm using SessionAuthentication Which req

Proposal: Make CSRF token validation for other HTTP Methods (PUT, PATCH, DELETE) The Same as POST

I came across this issue, because i'm building a SPA with Vue and Django Rest Framework as the backend. I'm using SessionAuthentication Which requires that the CSRF token must be sent along with the data for HTTP methods that Change State on the Server if not the request would be flagged as inv