Integrate Axios with Django Rest Framework

Sat 12 June 2021

Do you need to integrate the Axios HTTP client with Django Rest Framework? Then make sure to correctly configure the Django built-in Cross Site Request Forgery protection.

TLDR: add these variables to your Django settings:


Axios has built-in support for CSRF protection, and this is the default configuration:

// name of the cookie to use as a value for xsrf token
xsrfCookieName: 'XSRF-TOKEN'

// name of the http header that carries the xsrf token value
xsrfHeaderName: 'X-XSRF-TOKEN'

According to Django documentation:

"As with other HTTP headers in request.META, the header name received from the server is normalized by converting all characters to uppercase, replacing any hyphens with underscores, and adding an 'HTTP_' prefix to the name. For example, if your client sends a 'X-XSRF-TOKEN' header, the setting should be 'HTTP_X_XSRF_TOKEN'."