我的好吃的POST请求出了什么问题?
[英]What's wrong with my tastypie POST request?
问题描述
I'm getting a 401 when trying to do a post in ajax with Tastypie. 
当我尝试与Tastypie在ajax中发表文章时,我得到了401。 I can log a GET to the console, and they use the same authentication. 我可以将GET登录到控制台,并且它们使用相同的身份验证。 How can I debug? 我该如何调试?
Here's my javascript: 这是我的JavaScript:
// sending a csrftoken with every ajax request
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
crossDomain: true, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) {
xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
}
}
});
//this is the get request, which works fine
$.ajax({
url: "http://localhost:8080/data/api/v1/user/?format=json",
success: function(data){
console.log(data);
}
});
$(function() {
$('#newEntry').click(function() {
var table=$("#entryName").val();
var d = JSON.stringify({
"name":entry,
"user":"http://localhost:8080/data/api/v1/user/?format=json"
});
$.ajax({
type: 'POST',
data: d,
success: function(r) {console.log(r); },
error: function(r){console.log(r); },
url: 'http://localhost:8080/data/api/v1/entry/',
cache:false
});
});
});
I asked this question earlier, as I thought it would help, but it hasn't. 我早些时候问过这个问题,因为我认为这会有所帮助,但没有成功。 It has more context, namely about what I'm using for auth, but I can provide more detail if needed. 它具有更多的上下文,即有关我用于身份验证的内容,但是如果需要,我可以提供更多详细信息。
1 个解决方案
解决方案1
0 2014-06-18 04:57:15
401 usually means you aren't authorized to access that resource, or there is a CSRF issue. 401通常意味着您无权访问该资源,或者存在CSRF问题。
Two things spring to mind 我想到两件事
You are not authenticated.
您未通过身份验证。 Are you logged in( SessionAuthentication), or are you sending the username and api key with your request(ApiKeyAuthentication).您是登录( SessionAuthentication),还是随请求发送用户名和api密钥(ApiKeyAuthentication)。If #1 is not the problem, then maybe it's because the csrf token has not been set.
如果不是#1的问题,则可能是因为尚未设置csrf令牌。 Django does not set the token for all requests. Django不会为所有请求设置令牌。 From the docs - 从文档 -
If your view is not rendering a template containing the csrf_token template tag, Django might not set the CSRF token cookie.
I'm guessing that #2 is the more like scenario. 我猜想#2更像场景。 You can either wrap your views in the ensure_csrf_cookie decorator, or use a middleware to do that for all requests. 您可以将视图包装在ensure_csrf_cookie装饰器中,也可以使用中间件对所有请求执行此操作。 Or you could use the api key for authentication, as it does not look like it checks for csrf token(not really sure, but I'm looking at the tastypie code and I don't see any csrf checks.) 或者,您也可以使用api密钥进行身份验证,因为它看起来并不像它检查的csrf令牌(不是很确定,但是我正在查看密码代码,但没有看到任何csrf的检查。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.