Authentication / CSRF protection on a Django web app using Tastypie


I am just about to start building a web and Cordova-based mobile app that will use Django / Tastypie as the API server.

The app will not be served by Django; it will be served from an independent server/domain, with Django being there just to provide the API.

Tastypie has options for API key, basic HTTP authentication, and session-based authentication. I am trying to decide which approach to take. Any opinions out there? The app will provide unauthenticated login / signup but the rest will be behind a login.

I have built web apps based on Angular before that are served from Django, and so with them I was able to get a CSRF token for posting data. But this app will be a hybrid mobile app (Cordova-based) and also a web app served from some domain or other. How best to handle CSRF given that I will not be able to get a CSRF token to add to Ajax requests?

I have looked for how other services such as Parse.io solve this but have not found anything that helps.

Thanks

Rich
