django-rest-auth 注销 CSRF 失败

Question

我正在使用 React、Redux 和 django rest api 构建一个简单的网站，目前正在学习使用 django-rest-auth 一切正常，除了注销给我 CSRF Failed 错误。

auth.js

export const logout = token => {
    localStorage.removeItem('expirationDate');
    const requestOptions = {
        method: "POST",
        headers: { "Content-Type": "application/json",
        'X-CSRFToken':token,
                },
    };
    fetch("/rest-auth/logout/", requestOptions)
    return {
        type: actionTypes.AUTH_LOGOUT
    };
}
export const authLogin = (username, password) => {
    return dispatch => {
        dispatch(authStart());
        axios.post('http://127.0.0.1:8000/rest-auth/login/', {
            username: username,
            password: password
        })
        .then(res => {
            const token = res.data.key;
            const expirationDate = new Date(new Date().getTime() + 3600 * 1000);
            localStorage.setItem('token', token);
            localStorage.setItem('expirationDate', expirationDate);
            dispatch(authSuccess(token));
            dispatch(checkAuthTimeout(3600));
        })
        .catch(err => {
            dispatch(authFail(err))
        })
    }
}

settings.py

REST_FRAMEWORK = {
    
    'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.SessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.AllowAny',
    ),
}

Answer 1

解决方案是为 axios 设置默认标头

auth.js

axios.defaults.xsrfHeaderName = "X-CSRFToken";
axios.defaults.withCredentials = true

export const logout = () => {
    localStorage.removeItem('token');
    axios.post("/rest-auth/logout/", {})
    return {
        type: actionTypes.AUTH_LOGOUT
    };
}

settings.py

CSRF_COOKIE_NAME = "XSRF-TOKEN"