如何正确地将django csrf_token附加到内联javascript中?
[英]How to properly append django csrf_token to form in inline javascript?
问题描述
I have created form element dynamically in javascript: 
我在javascript中动态创建了表单元素:
var selectform = document.createElement("form")
I have added other input elements and these attributes to selectform: 我已将其他输入元素和这些属性添加到selectform:
submitnselection.setAttribute('type',"submit");
submitnselection.setAttribute('value',"Submit");
submitnselection.setAttribute("name","submitnpage");
selectform.setAttribute("method", "post")
selectform.setAttribute = ("action", "/test")
"{% csrf_token %}";
In HTML, adding {% csrf_token %} template tag would work, but in this case of javascript i got 403 forbidden error: 在HTML中,添加{% csrf_token %}模板标签会起作用,但在这种情况下javascript我得到403禁止错误:
CSRF token missing or incorrect.
I have found some solutions but nothing was working for me, is there any way to add {% csrf_token %} to form with only using Django, Javascript and plain Jquery? 我找到了一些解决方案,但没有什么对我{% csrf_token %} ,有没有办法只使用Django,Javascript和普通Jquery添加{% csrf_token %}来形成? Also note that this script is inside html, so i think {% csrf_token %} template tag will work. 另请注意,此脚本位于html内部,因此我认为{% csrf_token %}模板标记可以正常工作。
3 个解决方案
解决方案1
5 已采纳 2017-03-11 09:56:54
This should work: 这应该工作:
var inputElem = document.createElement('input');
inputElem.type = 'hidden';
inputElem.name = 'csrfmiddlewaretoken';
inputElem.value = '{{ csrf_token }}';
selectform.appendChild(inputElem);
You see, the csrf_token is nothing more that a string which is the value of a hidden input element of a form. 你看, csrf_token不过是一个字符串,它是表单hidden输入元素的value 。 That's all! 就这样!
解决方案2
2 2017-03-11 10:01:47
You can try to append an input field to the form: 您可以尝试将输入字段附加到表单:
// declare an input field
var input = document.createElement('input');
input.type = 'hidden';
input.name = 'csrfmiddlewaretoken';
input.value = '{% csrf_token %}';
// attach field to the form
selectform.appendChild(input);
// submit
解决方案3
1 2017-03-11 10:09:51
If I understand everything, you need to send a csrf token but you don't have any to send to the server from javascript. 如果我理解了所有内容,您需要发送一个csrf令牌,但是您没有任何要从javascript发送到服务器的令牌。
From the code in a Django template is very easy to generate a csrf token with the usual {% csrf_token %} Django tag, but this is because the template is being processed in the server to create the final HTML which will be sent to the browser. 从Django模板中的代码很容易生成带有通常的{%csrf_token%} Django标记的csrf标记,但这是因为正在服务器中处理模板以创建将发送到浏览器的最终HTML 。
When you are in Javascript you can't generate a csrf token so, I think the best solution is creating an invisible tag in the template, probably a hidden input. 当你使用Javascript时,你无法生成csrf令牌,所以我认为最好的解决方案是在模板中创建一个不可见的标签,可能是一个隐藏的输入。
<input id="token" type="hidden" value="{% csrf_token %}" ></input>
And when in jQuery get the value with $('#token').attr('value'), I have an example with a jQuery POST method: 当在jQuery中使用$('#token')。attr('value')获取值时,我有一个使用jQuery POST方法的示例:
token = $('#token').attr('value');
$.post(url, {
'personId': personId,
'csrfmiddlewaretoken': token // This is the important thing
}, function() {}
);
No matter how you do it, you have to send the token with the 'csrfmiddlewaretoken' name and the token value along with the other info you want to send to the server. 无论您如何操作,都必须使用“csrfmiddlewaretoken”名称和令牌值以及要发送到服务器的其他信息发送令牌。
I'm editing this with a pure JS solution if you need it. 如果你需要,我正在使用纯JS解决方案进行编辑。 Just say it. 说吧。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.