fix(api): disable csrf checks for api routes

2026-04-29 12:09:56 +02:00
parent be7af18c36
commit 90856d5a7e
4 changed files with 34 additions and 6 deletions
--- a/src/settings/base.py
+++ b/src/settings/base.py
@@ -167,7 +167,7 @@ MIDDLEWARE = [
    "whitenoise.middleware.WhiteNoiseMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
+    "apps.core.middleware.ApiCsrfExemptMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
--- a/src/settings/dev.py
+++ b/src/settings/dev.py
@@ -29,11 +29,6 @@ CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOW_PRIVATE_NETWORK = True
 CSRF_COOKIE_SECURE = False
 SESSION_COOKIE_SECURE = False
-MIDDLEWARE = [
-    middleware
-    for middleware in MIDDLEWARE
-    if middleware != "django.middleware.csrf.CsrfViewMiddleware"
-]


 def _normalize_local_host(host: str) -> str: