hiya! i'm working on my web app. (still newbie here) i've a question;
well, i'm using react on front-end and django on back-end.
to better api management, i'm using djangorestframework.
but djangorestframework disabling CSRF protection. that's reason i started to use djangorestframework-simplejwt.
but i think it's not like CSRF protection.
but i want a CSRF protection for my web app. (especially for my register/login page.)
Django shouldn't render any template since my client side is react - SPA.
so, how can i provide CSRF protection to my web app?
#DRF disables CSRF token
blissful crest
urban ferry
If you want CSRF with DRF, use their SessionAuthentication https://www.django-rest-framework.org/topics/ajax-csrf-cors/#csrf-protection