
How to properly decouple Django from an AJAX application?

I'm using TastyPie and Django to build out my backend for an application that will have browser and mobile (native iOS) clients.

I have been through the TastyPie and Django docs, and can authenticate successfully either using the TastyPie resources I set up or using Django's built-in views. I see a lot of examples on including the CSRF token on the page and grabbing it with your JavaScript, and that works, but I don't understand how to actually determine whether a user is logged in on initial page load (from JavaScript).

Example:

If I want to serve static HTML from a separate, fast web server, and cache my application JavaScript, and only interact with Django through TastyPie views, how do I determine if the user is logged in (and know to render a login form or the app views using JavaScript), and after logout, is there any session information I need to remove from the client browser?

If I were to serve up HTML through Django's template engine, I could render the login form through there appropriately, but that seems not ideal if I want to truly decouple my JavaScript app from Django (and behave like a mobile client).

Edit: I am using Backbone.js, but I don't think that should matter.

UPDATE:

I think I figured it out reading through Django's CSRF documentation again.

If your view is not rendering a template containing the csrf_token template tag, Django might not set the CSRF token cookie. This is common in cases where forms are dynamically added to the page. To address this case, Django provides a view decorator which forces setting of the cookie: ensure_csrf_cookie().

If I do not want to render Django templates, this reads like I can still use the cookie and pull that into my Backbone or jQuery AJAX methods. I'm not sure if TastyPie ensures the cookie will be sent or how to tie into it.

If I use AJAX to log out, will the cookie automatically be removed or does it become invalid? Are these CSRF tokens unique to each user session? I'll have to test some things tomorrow with it. Is it possible to use Django decorators on TastyPie views?

A mobile client doesn't care if the JavaScript comes from Django or any other web server. So go ahead and put all your JavaScript and static HTML on another server.

If you want your mobile app to see if the user is logged in, it should make an AJAX call to your Django backend (where the request is authenticated). The data returned should indicate if the session is active (user is logged in).

Another AJAX call can perform the Django logout function.
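The client side of the approach in the answer above, as an added example that is not part of the original posts: it asks the backend whether the session is active and sends Django's `csrftoken` cookie back as the `X-CSRFToken` header on unsafe requests. The endpoint paths, the `{authenticated: ...}` JSON shape, and the function names are assumptions; it also assumes the status view is wrapped in `ensure_csrf_cookie` and that the static pages and the API share an origin, so the cookie is readable from JavaScript.

```javascript
// Added example: endpoint paths and the JSON response shape are assumptions.
const SESSION_URL = '/api/session/'; // hypothetical status view (sets csrftoken)
const LOGOUT_URL = '/api/logout/';   // hypothetical logout view

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Django's CSRF middleware only checks unsafe methods.
function needsCsrf(method) {
  return !/^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build fetch options: send the session cookie, add X-CSRFToken when required.
function buildRequest(method, cookieString) {
  const headers = { Accept: 'application/json' };
  if (needsCsrf(method)) {
    const token = getCookie(cookieString, 'csrftoken');
    if (!token) throw new Error('csrftoken cookie missing; call the status endpoint first');
    headers['X-CSRFToken'] = token;
  }
  return { method, headers, credentials: 'same-origin' };
}

// Ask the backend whether the session is active; any failure counts as logged out.
async function isLoggedIn(fetchFn, cookieString) {
  try {
    const res = await fetchFn(SESSION_URL, buildRequest('GET', cookieString));
    if (!res.ok) return false;
    return (await res.json()).authenticated === true;
  } catch (err) {
    return false;
  }
}

// Log out with a POST so the request is CSRF-protected.
async function logout(fetchFn, cookieString) {
  const res = await fetchFn(LOGOUT_URL, buildRequest('POST', cookieString));
  return res.ok;
}
```

In a browser, pass `window.fetch.bind(window)` and `document.cookie`. The result of `isLoggedIn` only decides which view to render; the server still has to authenticate every API request.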
