Django返回403错误-“未设置CSRF Coo​​kie”

Question

I'm getting a 405 error, specifically saying CSRF verification failed. Request aborted. CSRF cookie not set. CSRF verification failed. Request aborted. CSRF cookie not set.

My urls.py is:

from django.conf.urls import patterns, include, url
from django.contrib import admin
from users.views import HandlerView
admin.autodiscover()

urlpatterns = patterns('',
    url(r'^admin/', include(admin.site.urls)),
    url(r'^users/login$', HandlerView.as_view(), name='my-view'),
    url(r'^users/add$', HandlerView.as_view(), name='my-view'),
)

and my views.py is:

from django.shortcuts import render
from django.http import HttpResponse
from django.views.generic import View

class HandlerView(View):
    def get(self, request, *args, **kwargs):
        return HttpResponse('Hello, World!')

    def post(self, request, *args, **kwargs):
        print "Hello world!"
        return HttpResponse('Hello, World!')

The curl execution that I'm inputting at my terminal is:

curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d ' {"user" : "jeff", "password" : "pass1"} ' http://localhost:8000/users/add

and the terminal running my server returns:

[13/Feb/2014 00:38:06] "POST /users/add HTTP/1.1" 403 2282

I understand what CSRF is, but what would this be flagging for a POST method through the terminal, when theres no cookies right? What would be the remedy to this?

Answer 1

It might be giving this error because you might be having the CSRF protection turned on in middelware settings.

If you don't need that protection, you can set the view as CSRF exempt . You can simply use a decorator on the view or you can turn it disable it from middleware settings.

from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse

@csrf_exempt
def my_view(request):
    return HttpResponse('Hello world')