django django-rest-framework django-views csrf django-csrf

Why is `csrf_exempt` not needed when using django-rest-framework?

When I make a POST request with Postman, I receive an error Forbidden (CSRF cookie not set.)

class BooksView(View):
    def post(self, request):

If I use csrf_exempt the error does not occur

from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt

@method_decorator(csrf_exempt, name='dispatch')
class BooksView(View):
    def post(self, request):

However, this error does not occur at all when I use django-rest-framework

from rest_framework.views import APIView

# /books
class BooksView(APIView):
    def post(self, request):

What is django-rest-framework and the APIView class doing in relation to csrf?

Solution

All views and viewsets in django-rest-framework inherit from APIView, this class wraps itself with csrf_exempt in the as_view method.

django: on pypy, psyco, unladen swallow or cpython, which one is the fastest?
Password Reset functionality inheriting from Django clases - reverse url issues ('uidb64')
how to log a file in Django
Using filters with model inheritance
How to render a pdf file as pdf in browser using django
django.db.utils.ProgrammingError: relation "bot_trade" does not exist
Django DRF: @permission_classes not working
How to prevent bleach from escaping > (blockquote) tag used in Markdown
how to solve django.db.utils.NotSupportedError in django
CSRF cookie error after Django 3.2 update (DRF with token authentication)
How to make an Inner Join in django?
Object of type ListSerializer is not JSON serializable
How to get the common name for a pytz timezone eg. EST/EDT for America/New_York
How to serialize user permissions in Django Rest Framework?
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding, when trying to start uwsgi
Error attempting to deploy my Django app on Vercel
Complex query using Django QuerySets
How to call asynchronous function in Django?
Django Sitemaps : Get only pages of the current website
How to manage.py loaddata in Django
'Invalid filter: 'length_is' Error in Django Template – How to Fix?
How to call OneToOneField reverse relationship in template (django)?
Django Rest Framework POST Update if existing or create
Django: get current manage.py command
Change Django ModelChoiceField to show users' full names rather than usernames
How to do aggregate raw sql with julian date in sqlite (with django)
Django send excel file to Celery Task. Error InMemoryUploadedFile
Monitoring django rest framework api on production server
Interactive Graphviz graphs in a web application
Django: Not Found static/admin/css