Angular无法从Django获取CSRF cookie
[英]Angular can't get CSRF cookie from Django
问题描述
I did a lot of research on this topic, but it's still not working for me. 
我对此主题进行了大量研究,但对我而言仍然无效。 I set my csrftoken cookie in Django,and it does in the response object. 我在Django中设置了csrftoken cookie,它在响应对象中也是如此。
But in any browser, it says no cookies in this site 但是在任何浏览器中, no cookies in this site
Backend: 后端:
@ensure_csrf_cookie
def home(request):
csrf_token = get_token(request)
response = HttpResponse()
response = render(request, 'index.html')
response.set_cookie(key='csrftoken', value=csrf_token)
return response
Angular: 角度:
myapp.config(function($httpProvider){
//I use this when in angular1.0.x
//$http.defaults.headers.post['X-CSRFToken'] = $cookies['csrftoken'];
//now in angular1.2.x I use code below. but none of them works
$httpProvider.defaults.xsrfCookieName = 'csrftoken';
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
});
When I do a POST I get message 当我执行POST时,我收到消息
Failed to load resource: the server responded with a status of 403 (FORBIDDEN)
Also if I print out header info in the $http error function: 另外,如果我在$ http错误函数中打印出标题信息:
console.log(header('Set-Cookie'));
console.log(header('Access-Control-Allow-Headers'));
console.log(header('Access-Control-Allow-Methods'));
all of these three are null . 所有这三个都是null 。
I can't figure it why! 我不知道为什么! Especially, it works fine in localhost , either Firefox or Chrome, but in an Apache server, always no cookie in this site. 特别是,它可以在localhost (Firefox或Chrome)中正常工作,但在Apache服务器中,此站点中始终没有cookie。
Is there any setting should I do? 我应该做什么setting ? Can anyone help my with this issue? 谁能帮我解决这个问题?
3 个解决方案
解决方案1
0 2014-03-31 06:54:22
I'm not sure this will help, but your view is terribly written. 我不确定这是否有帮助,但是您的观点写得很糟糕。 You're trying to force the csrf in about five different ways, and you also have some redundant lines that don't do anything (you do response = HttpResponse() and then override it completely, making that line completely void). 您尝试以大约五种不同的方式强制使用csrf,并且您还有一些多余的行什么也不做(您执行response = HttpResponse()然后完全覆盖它,使该行完全无效)。 so there's a good chance one of them is screwing things over. 因此,其中一个极有可能将事情搞砸了。
The point is - when you use render you don't need to do anything else to enforce the csrf (you know, except for making sure it's enabled). 关键是-使用渲染时,您无需执行任何其他操作即可强制执行csrf(您知道,除了确保已启用它外)。 That's the point of using it over render_to_response . 这就是在render_to_response上使用它的重点 。 Try this much simpler version and see how much it helps: 试试这个简单得多的版本,看看有什么帮助:
def home(request):
return render(request, 'index.html')
解决方案2
0 2015-01-05 21:49:22
Please check the domain of the cookie set by Django. 请检查由Django设置的Cookie的域。
Be aware of cross-domain requests. 注意跨域请求。
$http docs : Angular provides a mechanism to counter XSRF, When performing XHR requests but will not be set for cross-domain requests. $ http docs:Angular提供了一种在执行XHR请求时对XSRF进行计数的机制,但不会为跨域请求设置该机制。
Here is a small lib that might help you https://github.com/pasupulaphani/angular-csrf-cross-domain/blob/master/dist/angular-csrf-cross-domain.js 这是一个可能帮助您的小程序库https://github.com/pasupulaphani/angular-csrf-cross-domain/blob/master/dist/angular-csrf-cross-domain.js
解决方案3
0 2016-03-18 18:26:35
Try including the ngCookies module in your application. 尝试在应用程序中包含ngCookies模块。
myApp.run(function ($http, $cookies) {
$http.defaults.headers.common['X-CSRFToken'] = $cookies.csrftoken;
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.