How to organize SPA authentication when using Django REST framework SessionAuthentication and?

Given: an API in DRF with SessionAuthentication. I can't understand how to properly and safely organize user authentication in a SPA if the login form is rendered in the SPA.
When you use sessions for security, you must use the CSRF token.
For example, a conventional multi-page Django application uses the standard Django LoginView. The token is rendered in a hidden field of the server-side form and sent in the Set-Cookie response header; everything is simple and clear.
And what about the case of a SPA: should the token be requested with, for example, a GET request to /auth/login, and then authentication done with POST /auth/login (passing the previously received token in the header, of course)? Would that be correct from a security point of view?
April 19th 20 at 12:33
0 answer
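
The flow described in the question, seen from the SPA side, as an added example that is not part of the original post. It assumes Django's default names (cookie `csrftoken`, header `X-CSRFToken`), a SPA served from the same origin as the API, and a server whose GET /auth/login sets the CSRF cookie (for instance with `ensure_csrf_cookie`); `fetchImpl` and `readCookies` are hypothetical parameters added so the code also runs outside a browser.

```javascript
// Added example: SPA-side login flow against Django session authentication.
// Assumptions: Django defaults (cookie "csrftoken", header "X-CSRFToken"),
// and that GET /auth/login makes the server set the CSRF cookie.

// Read one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Build the POST options. The token is read from the cookie at call time,
// never cached, because Django rotates it when the user logs in.
function buildLoginRequest(cookieString, username, password) {
  const token = getCookie(cookieString, 'csrftoken');
  if (!token) throw new Error('csrftoken cookie missing: GET /auth/login first');
  return {
    method: 'POST',
    credentials: 'same-origin', // send the session and CSRF cookies
    headers: { 'Content-Type': 'application/json', 'X-CSRFToken': token },
    body: JSON.stringify({ username, password }),
  };
}

// Full flow: prime the cookie with a safe GET, then POST the credentials.
async function login(username, password,
                     fetchImpl = fetch, readCookies = () => document.cookie) {
  // Step 1: the GET changes no state; its only job is the Set-Cookie.
  const prime = await fetchImpl('/auth/login',
                                { method: 'GET', credentials: 'same-origin' });
  if (!prime.ok) throw new Error(`CSRF priming failed: ${prime.status}`);
  // Step 2: echo the cookie value in the header; the server compares both.
  const res = await fetchImpl('/auth/login',
                              buildLoginRequest(readCookies(), username, password));
  if (res.status === 403) throw new Error('CSRF check or permission failed');
  if (!res.ok) throw new Error(`login failed: ${res.status}`);
  return res;
}
```

Because Django's `login()` rotates the CSRF token, later unsafe requests should re-read the cookie the same way instead of reusing the pre-login value.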
