I've created an app in my Django project which works the same as an API.
But for POST requests and logins, I'm doing something like this:
Request "GET" (URL: example.com/api/get): this returns a csrftoken, which is then used by my applications as a cookie.
Request "POST" (URL: example.com/api/login): here the frontend application logs in the user. The csrftoken from example.com/api/get is used in cookies, and the same is used as csrfmiddlewaretoken in the POST data.
My question here is: is it secure to create an API like this and use it instead of Django REST Framework?
Any suggestions will be appreciated.
Thank you