Issue #3906
Updated by dkliban@redhat.com over 5 years ago
Pulp's REST API validates that only acceptable fields are submitted with each request. The list of fields does not include the csrf token. As a result of this validation, the browsable API forms produce responses that look like this:
<pre>
HTTP 400 Bad Request
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"csrfmiddlewaretoken": [
"Unexpected field"
]
}
</pre>
We need to investigate how to configure DRF to stop including this field with each form. It's possible that Otherwise we just will need to disable csrf middleware here[0] and make sure update the installed DRF version contains this patch[1].
Otherwise a fix from comment 3 would be appropriate.
[0] https://github.com/pulp/pulp/blob/e61cf39444f2f26624a01b0a6782ed95e2114441/pulpcore/pulpcore/app/settings.py#L82
[1] https://github.com/encode/django-rest-framework/pull/6113
validation algorithm.
.