Wednesday, 11 May 2022

CSRF Exempt Django Auth Password Reset View for Cross Domain request

I have a separate front end and backend site and I am trying to enable users on the front end to reset their password. I have created an endpoint for them to do so which works when accessed via the backend site. But when I try to access the endpoint via Insomnia I get:

Forbidden (403)

CSRF verification failed. Request aborted.

I have added my front end domain to the CORS_ORIGIN_WHITELIST.

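from django.contrib.auth import views as auth_views
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt

class PasswordResetView(auth_views.PasswordResetView):
    template_name = 'users/reset_password.html'

    # Tag this view's dispatch as CSRF-exempt, then defer to the parent view.
    @method_decorator(csrf_exempt)
    def dispatch(self, *args, **kwargs):
        return super().dispatch(*args, **kwargs)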

Is there some other method that I must also make csrf_exempt?
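
Added example, not part of the original post and not Django's own code: a simplified pure-Python model of why the override above can still return 403. It relies on the fact that the stock `PasswordResetView.dispatch` in `django.contrib.auth.views` is itself wrapped in `csrf_protect`; every function name below is a hypothetical stand-in and the request dicts are constructed.

```python
class Forbidden(Exception):
    """Stand-in for Django's 403 'CSRF verification failed' response."""


def token_ok(request):
    # Constructed rule: the submitted token must match the cookie value.
    token = request.get("csrf_token")
    return token is not None and token == request.get("csrf_cookie")


def model_csrf_exempt(view):
    """Models csrf_exempt: it only tags the callable, it checks nothing."""
    def wrapper(request):
        return view(request)
    wrapper.csrf_exempt = True
    return wrapper


def model_csrf_protect(view):
    """Models csrf_protect: enforce the check unless `view` itself is tagged."""
    def wrapper(request):
        exempt = getattr(view, "csrf_exempt", False)
        if not exempt and not request.get("csrf_done"):
            if not token_ok(request):
                raise Forbidden("CSRF verification failed")
            request["csrf_done"] = True
        return view(request)
    return wrapper


@model_csrf_protect
def parent_dispatch(request):
    # Models the stock PasswordResetView.dispatch, which carries csrf_protect.
    return "reset email queued"


@model_csrf_exempt
def child_dispatch(request):
    # Models the override in the question: exempt tag, then super().dispatch().
    return parent_dispatch(request)


def handle(request):
    """Site-wide middleware pass, then the view; returns an HTTP status."""
    try:
        model_csrf_protect(child_dispatch)(request)  # outer check skipped: tagged
        return 200
    except Forbidden:
        return 403  # raised by the parent's own decorator, not the middleware
```

In the model the 403 comes from the parent's decorator, which never sees the tag placed on the subclass's dispatch. The CORS whitelist controls cross-origin response headers for browsers and is a separate check from CSRF verification.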


