Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Please document using csrf_exempt for read-only POST APIs

See original GitHub issue

I have a ReactJS application that is hosted on a separate domain from my Django app. But the library (Apollo) currently only makes requests with POST. Since I have no mutations in my Graphene implementations, it’s pretty safe for me to use csrf_exempt for my GraphQL view.

Would you be able to add that to your documentation somewhere so that people know this is an option. Would you also be able to confirm that I’m correct in my deduction? 😃 If it’s still possible to write to GraphQL without mutations, I’ll need to look for a different solution.

Thanks!!

Issue Analytics

State:
Created 6 years ago
Reactions:2
Comments:8 (4 by maintainers)

Top GitHub Comments

1reaction

phaltcommented, Jun 25, 2019

Simply wrapping the view in a csrf_exempt is enough but yes, we should add this to the docs:

from django.views.decorators.csrf import csrf_exempt

url(r'^graphql', csrf_exempt(GraphQLView.as_view(schema=schema)), name='graphql',),

0reactions

stale[bot]commented, Nov 22, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.