You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/installation.rst
+23-1Lines changed: 23 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,4 +66,26 @@ The most basic ``schema.py`` looks like this:
66
66
schema = graphene.Schema(query=Query)
67
67
68
68
69
-
To learn how to extend the schema object for your project, read the basic tutorial.
69
+
To learn how to extend the schema object for your project, read the basic tutorial.
70
+
71
+
CSRF exempt
72
+
-----------
73
+
74
+
If have enabled `CSRF protection <https://docs.djangoproject.com/en/3.0/ref/csrf/>`_ in your Django app
75
+
you will find that it prevents your API clients from POSTing to the ``graphql`` endpoint. You can either
76
+
update your API client to pass the CSRF token with each request (the Django docs have a guide on how to do that: https://docs.djangoproject.com/en/3.0/ref/csrf/#ajax) or you can exempt your Graphql endpoint from CSRF protection by wrapping the ``GraphQLView`` with the ``csrf_exempt``
77
+
decorator:
78
+
79
+
.. code:: python
80
+
81
+
# urls.py
82
+
83
+
from django.urls import path
84
+
from django.views.decorators.csrf import csrf_exempt
0 commit comments