2

I've an app with Django as server and Angular in front end. I know both Django and Angular have in-build support for CSRF (Cross Site Request Forgery) protection.

So from these resources:

http://django-angular.readthedocs.org/en/latest/csrf-protection.html

Django csrf token + Angularjs

I could implement CSRF protection easily. But unfortunaltely that solutions not working for me.

More digging showed that, it won't work for Cross domains. Well, my Django and Angular will be in same domain after the build, I want to test the CSRF in my development environment.

So my question is, how can I use CSRF in cross-domain (in this scenario)? At least in my dev environment? (http://localhost/)

Thanks in advance.

Improve this question
10
  • From which server angular files are served? Commented Feb 19, 2016 at 11:32
  • Like I said, after the build the files will be in same domain. But now I am running it from my system itself.(localhost) Commented Feb 19, 2016 at 11:35
  • Im having similar setup to yours (without using django-angular though) and solution presented in second link you posted works just fine. Also i don't see how you could have CORS problem in your dev environment. Could you elaborate on issue you are having ? Commented Feb 19, 2016 at 11:36
  • @AsimKT I'm asking whether you are using ngnix or any other static server. Commented Feb 19, 2016 at 11:39
  • When I am serving my files in localhost there will be CORS issue, because the server is residing in another domain. We have enabled the CORS in server so that I can access the apis from anywhere. You had server and client in different domains? @4rlekin Commented Feb 19, 2016 at 11:40

1 Answer 1

Reset to default
0

I think you could simulate domain name by modifying /etc/hosts file , please refer to the below link for more information, it will surely solve your problem

https://docs.acquia.com/article/using-etchosts-file-custom-domains-during-development

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.