堆栈内存溢出
  简体   繁体   English

尽管我在表单中有 csrf 令牌,但在 Django POST 请求中,禁止的 CSRF 令牌丢失或不正确

[英]Forbidden CSRF token missing or incorrect in Django POST request even though I have csrf token in form

 原文  2018-02-13 07:19:21       javascript/ python/ ajax/ django

问题描述

I have included csrf_token in data while making AJAX request.我在发出 AJAX 请求时将 csrf_token 包含在数据中。 But I keep getting 403 as a response when I make a POST request.但是当我发出 POST 请求时,我不断收到 403 作为响应。

I checked whether csrf_token is empty or not before making the request.在提出请求之前,我检查了 csrf_token 是否为空。

Everything seems fine, what could be triggering the error?一切似乎都很好,可能是什么触发了错误?

Here is my html code:这是我的 html 代码:

<form  method = "POST" >
{% csrf_token %}

<div class="form-group">
  <label for="name">Name:</label>
  <input type="text" class="form-control" id="name" placeholder="Enter name" name="name" required>
</div>

<div class="form-group">
  <label for="email">Email:</label>
  <input type="email" class="form-control" id="email" placeholder="Enter email" name="email" >
</div>

<div class="form-group">
  <label for="pwd">Password:</label>
  <input type="password" class="form-control" id="pwd" placeholder="Enter password" name="pwd" >
</div>

<div class="form-group">
  <label for="name">Website:</label>
  <input type="text" class="form-control" id="website" placeholder="Enter website" name="website">
</div>

<div class="checkbox">
  <label><input type="checkbox" name="remember"> Remember me</label>
</div>

<input type="text" id="submit" class="btn btn-default" value="Submit">

Javascript Code: Javascript代码:

       $("#submit").click(function(){


           var finalData = {};
           finalData.name = $('#name').val();
           finalData.email = $('#email').val();
           finalData.pwd = $('#pwd').val();
           finalData.website = $('#website').val();
           finalData.csrfmiddlewaretoken = $('input[name=csrfmiddlewaretoken]').val();


           $.ajax({

                  url: window.location.pathname,
                  type: "POST",
                  data: JSON.stringify(finalData),
                  contentType: "application/json",

                  success: function(data){

                        alert('Yo man');
                  },

                  error: function(xhr, status, error) {
                      alert(xhr.responseText);
                  }


                });

    });

Python code:蟒蛇代码:

def signup(request):

if request.method == 'POST':
   response_json = request.POST
   response_json = json.dumps(response_json)
   xy = json.loads(response_json)

   user = User()
   user.name = xy['name']
   user.email = xy['email']
   user.password = make_password(xy['pwd'])
   user.website = xy['website']
   user.save()

   return JsonResponse({'name': 'test'}, status=200)


else:
    context = {'dummy': 'dummy'}
    return render(request, 'forms/signup.html', context)

Code in urls.py of my App:我的应用程序的 urls.py 中的代码:

from django.conf.urls import url
from . import views

urlpatterns = [

# HomePage
url(r'^$', views.index, name='index'),

# Signup Page
url('signup', views.signup, name='signup'), 

]

1 个解决方案

解决方案1
 1 已采纳  2018-02-13 07:57:23

Try the same by adding following code on top of your script通过在脚本顶部添加以下代码来尝试相同的操作

$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        if (settings.type == 'POST' || settings.type == 'PUT' || settings.type == 'DELETE') {
            function getCookie(name) {
                var cookieValue = null;
                if (document.cookie && document.cookie != '') {
                    var cookies = document.cookie.split(';');
                    for (var i = 0; i < cookies.length; i++) {
                        var cookie = jQuery.trim(cookies[i]);
                        // Does this cookie string begin with the name we want?
                        if (cookie.substring(0, name.length + 1) == (name + '=')) {
                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                            break;
                        }
                    }
                }
                return cookieValue;
            }
            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                // Only send the token to relative URLs i.e. locally.
                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
            }
        }
    }
});

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 禁止(CSRF令牌丢失或不正确。)-即使已包含 - Forbidden (CSRF token missing or incorrect.) - even though it's included 在 Django 中的 ajax POST 期间禁止(CSRF 令牌丢失或不正确。) - Forbidden (CSRF token missing or incorrect.) during ajax POST in Django Django + VueJS:POST 403 Forbidden - CSRF 令牌丢失或不正确 - Django + VueJS: POST 403 Forbidden - CSRF token missing or incorrect 用yui设置Django CSRF_TOKEN,但控制台显示“ django.request禁止(CSRF令牌丢失或不正确。)”。 - Set Django CSRF_TOKEN with yui, but console says 'django.request Forbidden (CSRF token missing or incorrect.)' CSRF令牌丢失或不正确的django - CSRF token missing or incorrect django CSRF令牌丢失或不正确(Django) - CSRF token missing or incorrect (Django) 禁止(CSRF 令牌丢失或不正确。) | Django 和 AJAX - Forbidden (CSRF token missing or incorrect.) | Django and AJAX Django 和 Axios 禁止访问(CSRF 令牌丢失或不正确。) - Django and Axios Forbidden (CSRF token missing or incorrect.) “禁止(CSRF 令牌丢失或不正确。):”使用 Django 和 JS - “Forbidden (CSRF token missing or incorrect.):” using Django and JS 如何更正 django 中的以下代码,它给出错误“禁止(CSRF 令牌丢失或不正确。)” - How do I correct the following code in django, It's give an error “Forbidden (CSRF token missing or incorrect.)”
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM