Django CSRF令牌丢失
[英]Django CSRF token is missing
问题描述
I have an function in the custom.js file as follows : 
我在custom.js文件中有一个函数,如下所示:
function contactTraxio(fullname, telephone, email) {
if (typeof(fullname)==='undefined') fullname = null;
if (typeof(telephone)==='undefined') telephone = null;
if (typeof(email)==='undefined') email = null;
bootbox.dialog({
title: "Limit reached",
message: '<p class="text-main text-center">You have reached the limit of your calculations.</p>' +
'<p class="pad-btm mar-btm text-center">Upgrade your account by contacting us on +32 9 111 12 12 or filling in the form below.</p>' +
'<div class="row"> ' +
'<div class="col-md-12"> ' +
'<form class="" method="POST"> ' +
'<div class="form-group"> ' +
'<div class="col-md-6" style="padding-left: 0"> ' +
'<input id="contact-fullname" name="fullname" type="text" placeholder="Your fullname" class="form-control input-md" value="' + fullname + '"> ' +
'<span class="help-block"><small></small></span> </div> ' +
'</div> ' +
'<div class="col-md-6" style="padding-right: 0"> ' +
'<input id="contact-telephone" name="telephone" type="text" placeholder="Telephone" class="form-control input-md" value="' + telephone + '"> ' +
'<span class="help-block"><small></small></span> </div> ' +
'</div> ' +
'<div class="col-md-12 pad-no-lr-md" style="margin-top: 7.5px;"> ' +
'<input id="contact-email" name="email" type="text" placeholder="Your email address" class="form-control input-md" value="' + email + '"> ' +
'<span class="help-block"><small></small></span> </div> ' +
'</div> ' +
'</div>' +
'</form> ' +
'</div>' +
'</div>',
buttons: {
success: {
label: "Send",
className: "btn-primary",
callback: function () {
$.ajax({
type: 'POST',
url: '/master/contact_traxio/',
data: {
fullname: $('#contact-fullname').val(),
telephone: $('#contact-telephone').val(),
email: $('#contact-email').val(),
csrfmiddlewaretoken: '{{ csrf_token }}'
},
success: function (data) {
debugger;
}
});
}
}
}
});
}
Thus, I have an contact form in js. 因此,我在js中有一个联系表。 And I'm trying to send the form data to the django view with ajax. 我正在尝试使用ajax将表单数据发送到django视图。
I've added csrfmiddlewaretoken: '{{ csrf_token }}' to the data, but for some reason I get an error : 我已经在数据中添加了csrfmiddlewaretoken: '{{ csrf_token }}' ,但是由于某种原因,我得到了一个错误:
Forbidden (CSRF token missing or incorrect.): /master/contact_traxio/
[03/Mar/2017 08:52:46] "POST /master/contact_traxio/ HTTP/1.1" 403 2502
The contact_traxio view is as follows : contact_traxio视图如下:
@login_required
def contact_traxio(request):
if request.method == 'POST':
# Just test
return HttpResponse('{} / {} / {}'.format(request.POST['fullname'], request.POST['telephone'], request.POST['email']))
else:
return HttpResponseBadRequest("Sorry. Something went wrong.")
And the django template from where I call the contactTraxio function is as follows : 我从其中调用contactTraxio函数的django模板如下:
{% block page_content %}
<script>
$(document).ready(function () {
var fullname = '{{ user.user.first_name }} {{ user.user.last_name }}';
contactTraxio(fullname, '{{ user.telephone }}', '{{ user.user.email }}')
})
</script>
{% endblock %}
Why is the csrf token isn't sent? 为什么没有发送csrf令牌?
Any advice? 有什么建议吗?
1 个解决方案
解决方案1
3 已采纳 2017-03-03 09:06:45
You're using Django template syntax in an external JS file. 您正在外部JS文件中使用Django模板语法。 That can't work, because Django does not parse those files. 那是行不通的,因为Django不会解析这些文件。
The documentation shows exactly what you need to do to access the token from your JS; 该文档确切显示了从JS访问令牌所需的操作 。 you should follow it. 你应该遵循它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.