Forbidden CSRF token missing or incorrect in Django POST request even though I have csrf token in form
I have included csrf_token in data while making AJAX request. But I keep getting 403 as a response when I make a POST request.
I checked whether csrf_token is empty or not before making the request.
Everything seems fine, what could be triggering the error?
Here is my HTML code:
<form method="POST">
  {% csrf_token %}
  <div class="form-group">
    <label for="name">Name:</label>
    <input type="text" class="form-control" id="name" placeholder="Enter name" name="name" required>
  </div>
  <div class="form-group">
    <label for="email">Email:</label>
    <input type="email" class="form-control" id="email" placeholder="Enter email" name="email">
  </div>
  <div class="form-group">
    <label for="pwd">Password:</label>
    <input type="password" class="form-control" id="pwd" placeholder="Enter password" name="pwd">
  </div>
  <div class="form-group">
    <label for="website">Website:</label>
    <input type="text" class="form-control" id="website" placeholder="Enter website" name="website">
  </div>
  <div class="checkbox">
    <label><input type="checkbox" name="remember"> Remember me</label>
  </div>
  <input type="text" id="submit" class="btn btn-default" value="Submit">
</form>
JavaScript code:
$("#submit").click(function(){
    var finalData = {};
    finalData.name = $('#name').val();
    finalData.email = $('#email').val();
    finalData.pwd = $('#pwd').val();
    finalData.website = $('#website').val();
    finalData.csrfmiddlewaretoken = $('input[name=csrfmiddlewaretoken]').val();
    $.ajax({
        url: window.location.pathname,
        type: "POST",
        data: JSON.stringify(finalData),
        contentType: "application/json",
        success: function(data){
            alert('Yo man');
        },
        error: function(xhr, status, error) {
            alert(xhr.responseText);
        }
    });
});
Python code:
import json

from django.contrib.auth.hashers import make_password
from django.http import JsonResponse
from django.shortcuts import render

# User is the app's own model; its import is not shown in the question.


def signup(request):
    if request.method == 'POST':
        response_json = request.POST
        response_json = json.dumps(response_json)
        xy = json.loads(response_json)
        user = User()
        user.name = xy['name']
        user.email = xy['email']
        user.password = make_password(xy['pwd'])
        user.website = xy['website']
        user.save()
        return JsonResponse({'name': 'test'}, status=200)
    else:
        context = {'dummy': 'dummy'}
        return render(request, 'forms/signup.html', context)
Code in urls.py of my App:
from django.conf.urls import url
from . import views

urlpatterns = [
    # HomePage
    url(r'^$', views.index, name='index'),
    # Signup Page
    url('signup', views.signup, name='signup'),
]
Try the same by adding the following code at the top of your script:
$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        if (settings.type == 'POST' || settings.type == 'PUT' || settings.type == 'DELETE') {
            function getCookie(name) {
                var cookieValue = null;
                if (document.cookie && document.cookie != '') {
                    var cookies = document.cookie.split(';');
                    for (var i = 0; i < cookies.length; i++) {
                        var cookie = jQuery.trim(cookies[i]);
                        // Does this cookie string begin with the name we want?
                        if (cookie.substring(0, name.length + 1) == (name + '=')) {
                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                            break;
                        }
                    }
                }
                return cookieValue;
            }
            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                // Only send the token to relative URLs i.e. locally.
                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
            }
        }
    }
});
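
Added example, not part of the original answer: a dependency-free version of the same approach (read the `csrftoken` cookie, send it as the `X-CSRFToken` header) for a JSON request made with `fetch`. It goes slightly beyond the snippet above by resolving the URL against the page origin, so absolute same-origin URLs get the token while protocol-relative (`//host/...`) and other cross-origin URLs do not; the function names, `SAMPLE_COOKIES` and `app.example` are assumptions made for the example.

```javascript
// Added example; function names and sample values are hypothetical.
const SAMPLE_COOKIES = 'sessionid=abc; csrftoken=tok%3D123'; // constructed

// Methods Django's CSRF middleware does not check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Read one cookie from a document.cookie-style string (exact name match).
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const cookie = part.trim();
    if (cookie.startsWith(name + '=')) {
      return decodeURIComponent(cookie.slice(name.length + 1));
    }
  }
  return null;
}

// True only when url resolves to the page's own scheme, host and port.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: never attach the token
  }
}

// Build fetch() options for a JSON request. The token travels in the
// X-CSRFToken header, and only on unsafe methods to the page's own origin.
function buildJsonRequest(url, method, payload, cookieString, pageOrigin) {
  const verb = method.toUpperCase();
  const headers = { 'Content-Type': 'application/json' };
  const init = { method: verb, headers, credentials: 'same-origin' };
  if (SAFE_METHODS.has(verb)) return init;
  if (isSameOrigin(url, pageOrigin)) {
    const token = getCookie(cookieString, 'csrftoken');
    if (token === null) throw new Error('csrftoken cookie not found');
    headers['X-CSRFToken'] = token;
  }
  init.body = JSON.stringify(payload);
  return init;
}

// In a browser:
// fetch(url, buildJsonRequest(url, 'POST', data, document.cookie, location.origin));
```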