我有一个 Android 客户端应用程序,它尝试使用 Django + DRF 后端进行身份验证。但是,当我尝试登录时,我得到以下响应:
403: CSRF Failed: CSRF token missing or incorrect.
请求被发送到http://localhost/rest-auth/google/
以下正文:
access_token: <the OAuth token from Google>
什么可能导致这种情况?客户端没有 CSRF 令牌,因为 POST 进行身份验证是客户端和服务器之间发生的第一件事。我检查了很多过去有同样问题的问题,但我找不到任何解决方案。
Django端的相关设置是这样的:
AUTHENTICATION_BACKENDS = (
"django.contrib.auth.backends.ModelBackend",
"allauth.account.auth_backends.AuthenticationBackend"
)
TEMPLATE_CONTEXT_PROCESSORS = (
"django.core.context_processors.request",
"django.contrib.auth.context_processors.auth",
"allauth.account.context_processors.account",
"allauth.socialaccount.context_processors.socialaccount"
)
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'app',
'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.facebook',
'allauth.socialaccount.providers.google',
'django.contrib.admin',
# REST framework
'rest_framework',
'rest_framework.authtoken',
'rest_auth',
'rest_auth.registration',
)
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated'
),
}