I'm making an authentication application, using Django, Django framework, and react with axios. I have already configured the csrf token in all ways and it continues to return the same error
Forbidden (CSRF cookie not set.): /auth/jwt/create/
[11/Jan/2024 10:05:28] "POST /auth/jwt/create/ HTTP/1.1" 403 2870
here is my settings.py configuration setting.py
MIDDLEWARE = [
#'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsMiddleware'
]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
]
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False
CSRF_USE_SESSIONS = True
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
CSRF_COOKIE_SAMESITE = 'Lax'
CORS_ALLOW_CREDENTIALS = True
ROOT_URLCONF = 'backend.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [os.path.join(BASE_DIR,'build')],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.template.context_processors.csrf',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES':[
'rest_framework.permissions.IsAuthenticated'
],
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication'
),
}
SIMPLE_JWT = {
'AUTH_HEADER_TYPES': ('JWT',),
}
DJOSER = {
'USE_CSRF_COOKIE': False,
'LOGIN_FIELD': 'email',
'USER_CREATE_PASSWORD_RETYPE' : True,
'USERNAME_CHANGED_EMAIL_CONFIRMATION' : True,
'PASSWORD_CHANGED_EMAIL_CONFIRMATION' : True,
'SEND_CONFIRMATION_EMAIL' : True,
'SEND_USERNAME_RETYPE' : True,
'SET_PASSWORD_RETYPE' : True,
'PASSWORD_RESET_CONFIRM_URL': 'password/reset/confirm/{uid}/{token}',
'USERNAME_RESET_CONFIRM_URL': 'email/reset/confirm/{uid}/{token}',
'ACTIVATION_URL' : 'activate/{uid}/{token}',
'SEND_ACTIVATION_EMAIL' : True,
'SERIALIZERS' : {
'user_create' : 'accounts.serializers.UserCreateSerializer',
'user' : 'accounts.serializers.UserCreateSerializer',
'user_delete' : 'djoser.serializers.UserDeleteSerializer',
}
}
here is my user.js file. In react I am sending my post request
import axios from 'axios';
import Cookies from 'js-cookie';
// Configuração global do Axios para incluir o token CSRF em todas as solicitações
axios.defaults.xsrfHeaderName = 'X-CSRFToken';
axios.defaults.xsrfCookieName = "XCSRF-TOKEN";
axios.defaults.xsrfCookieName = 'csrftoken';
axios.defaults.withCredentials = true;
export const login = (email, password) => async dispatch => {
const csrfToken = Cookies.get('csrftoken') || 'fallback_csrf_token';
console.log('CSRF Token:', csrfToken);
console.log('Cookies:', document.cookie);
const config = {
headers: {
'X-Requested-With': 'XMLHttpRequest',
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken,
},
withCredentials: true,
};
const body = JSON.stringify({ email, password });
try {
const res = await axios.post(`${process.env.REACT_APP_API_URL}/auth/jwt/create/`, body, config);
dispatch({
type: LOGIN_SUCCESS,
payload: res.data
});
dispatch(load_user());
} catch (err) {
console.error('Erro na solicitação de login:', err);
dispatch({
type: LOGIN_FAIL
})
}
};
I've tried everything I can to remove this error and I always get the same error, please can someone help me with some tips?