While working on a Django web app, I had to disable CSRF protection in a view. The goal was that our API was accepting data from another part of our website and we needed to skip the CSRF protection just for that one page.
There are two great answers on how to do this on Stack Overflow:
- How to disable Django’s CSRF validation?
- How can I disable Django’s CSRF protection only in certain cases?
There is also nice documentation for Django REST Framework on disabling CSRF for AJAX calls.
The answer is basically to use csrf_exempt as a function that wraps the class-based view's .as_view() call, and to do this in the urls.py routing file.