AJAX 403 problem: fixing 403 (FORBIDDEN) on AJAX requests under Django

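This article describes how to handle CSRF errors in Django 1.8.3, specifically for AJAX POST requests. The recommended approach is to set a custom X-CSRFToken header on every XMLHttpRequest, using the value of the csrftoken cookie. The JavaScript code provided helps developers set up CSRF protection correctly in AJAX requests.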


Environment

Django 1.8.3

Error description

Solution

The official Django documentation has the following content:

https://docs.djangoproject.com/en/dev/ref/csrf/#ajax

AJAX

While the above method can be used for AJAX POST requests, it has some inconveniences: you have to remember to pass the CSRF token in as POST data with every POST request. For this reason, there is an alternative method: on each XMLHttpRequest, set a custom X-CSRFToken header to the value of the CSRF token. This is often easier, because many JavaScript frameworks provide hooks that allow headers to be set on every request.

As a first step, you must get the CSRF token itself. The recommended source for the token is the csrftoken cookie, which will be set if you’ve enabled CSRF protection for your views as outlined above.

The official documentation includes an example. The basic principle is to attach the CSRF information to the POST request.

After summarizing and testing this, adding the code below to a JS file solves the problem:

    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie != '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length + 1) == (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }

    function csrfSafeMethod(method) {
        // these HTTP methods do not require CSRF protection
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }

    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            var csrftoken = getCookie('csrftoken');
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
    });
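The same rule without jQuery, as an added example that is not part of the original post or the Django documentation: the header is attached only to unsafe methods and only to same-origin URLs, so the token is never sent to another site. The function names (`readCookie`, `isSameOrigin`, `csrfHeaders`, `csrfFetch`) are hypothetical, and `options.headers` is assumed to be a plain object.

```javascript
// Added example: fetch()-based equivalent of the jQuery beforeSend hook above.
// All function names here are hypothetical, not Django or jQuery APIs.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// Return the decoded value of cookie `name` from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const pair = part.trim();
    // Match the full cookie name, so "xcsrftoken" does not match "csrftoken".
    if (pair.startsWith(name + '=')) {
      return decodeURIComponent(pair.slice(name.length + 1));
    }
  }
  return null;
}

// Resolve `url` against the page origin and compare origins exactly.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: treat as cross-origin, send no token
  }
}

// Build the extra headers for one request; empty when no token should be sent.
function csrfHeaders(method, url, cookieString, pageOrigin) {
  const headers = {};
  if (SAFE_METHODS.test(method || 'GET')) return headers; // no CSRF check needed
  if (!isSameOrigin(url, pageOrigin)) return headers;     // never leak the token
  const token = readCookie(cookieString, 'csrftoken');
  if (token) headers['X-CSRFToken'] = token;
  return headers;
}

// Browser-only wrapper: reads the live cookie and origin, then calls fetch().
function csrfFetch(url, options = {}) {
  const extra = csrfHeaders(options.method, url, document.cookie,
                            window.location.origin);
  return fetch(url, {
    ...options,
    credentials: 'same-origin', // send the session cookie to our own origin only
    headers: { ...(options.headers || {}), ...extra },
  });
}
```

If `csrfHeaders` returns an empty object for a same-origin POST, the `csrftoken` cookie is missing, and Django will answer that request with 403.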

This article comes from the web; see: https://blog.youkuaiyun.com/xxm524/article/details/47359485
