When you are using SessionAuthentication, you are using Django’s authentication which usually requires CSRF to be checked. Django REST Framework enforces this, only for SessionAuthentication
, so you must pass the CSRF token in the X-CSRFToken
header.
The Django documentation provides more information on retrieving the CSRF token using jQuery and sending it in requests. The CSRF token is saved as a cookie called csrftoken
that you can retrieve from a HTTP response, which varies depending on the language that is being used.
If you cannot retrieve the CSRF cookie, this is usually a sign that you should not be using SessionAuthentication
. I recommend looking into TokenAuthentication or OAuth 2.0 depending on your needs.