@Chris Hawkes pointed out this Stack Overflow answer given by @Ye Liu:
Since the angular application is not supported by django, in order for the cookie to be set, the angular application must execute a GET request to django first.
I have verified that until you make an HTTP request, the csrftoken cookie is not set. So only

    $httpProvider.defaults.xsrfCookieName = 'csrftoken';
    $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';

will not work. First you need to make an HTTP request, even if not a real one, to the django rest_framework.
Update: Your comments prompted me to study this issue further. Please read this blog, which states:
Ask clients to generate and send the same unique secret value in both the Cookie and the regular HTTP header. Given that a website is only allowed to read / write a cookie for its own domain, only the real website can send the same value in both headers.
So first try with this single request.

    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;

where you inject $cookies into the controller / service.
If it works, perhaps writing interceptors would be a good choice and also help you debug.
I am sure that you are using AngularJS version 1.2 or later; see this set of changes. More recently, the angular http service checks CSRF with this code:

    var xsrfValue = urlIsSameOrigin(config.url)
        ? $$cookieReader()[config.xsrfCookieName || defaults.xsrfCookieName]
        : undefined;
    if (xsrfValue) {
      reqHeaders[(config.xsrfHeaderName || defaults.xsrfHeaderName)] = xsrfValue;
    }
Therefore, it is necessary that you send the same token that is present in the cookie.
Next, use your browser's developer tools to look at the request / response of the HTTP request and analyze the headers and cookies.
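
The interceptor idea from the answer above, as an added example that is not part of the original answer or of AngularJS itself: it copies the `csrftoken` cookie into `X-CSRFToken` only for same-origin requests, and logs the case where the cookie has not been set yet. The names `makeCsrfInterceptor`, `parseCookies`, `isSameOrigin` and the injected `readCookieString` / `log` callbacks are hypothetical, and limiting the header to non-safe methods is an assumption of this sketch.

```javascript
// Added example: an object in the { request: fn } shape used by $http
// interceptors. All function names here are hypothetical.

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  var jar = {};
  (cookieString || '').split(';').forEach(function (pair) {
    var eq = pair.indexOf('=');
    if (eq < 0) return;
    var name = pair.slice(0, eq).trim();
    if (name) jar[name] = decodeURIComponent(pair.slice(eq + 1).trim());
  });
  return jar;
}

// Relative URLs resolve against the page origin, so they count as same-origin.
function isSameOrigin(url, pageOrigin) {
  try { return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin; }
  catch (e) { return false; }
}

// Methods that do not need a CSRF token (assumption of this sketch).
var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

function makeCsrfInterceptor(readCookieString, pageOrigin, log) {
  return {
    request: function (config) {
      var method = (config.method || 'GET').toUpperCase();
      if (SAFE_METHODS.indexOf(method) !== -1) return config;
      // Never send the token to another origin.
      if (!isSameOrigin(config.url, pageOrigin)) return config;
      var token = parseCookies(readCookieString()).csrftoken;
      if (!token) {
        // The case from the answer: no earlier GET, so no cookie has been set.
        log('csrftoken cookie missing for ' + method + ' ' + config.url);
        return config;
      }
      config.headers = config.headers || {};
      config.headers['X-CSRFToken'] = token;
      return config;
    }
  };
}
```

In an AngularJS app this object would be returned from a factory pushed onto `$httpProvider.interceptors`, with `readCookieString` returning `document.cookie` and `pageOrigin` set to `window.location.origin`.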