如何使Django 2.1接受PATCH / DELETE请求

Question

I am building an app with Django 2.1 and I want to be able to do PATCH/DELETE requests through ajax calls. Through researching about this I found out the solution to be to deceive the browser by using a POST request, but setting the header X_METHODOVERRIDE to the desired method.

I would start doing this by creating a middleware that will take care of this. What is the best way of doing?

Please note that I don't want to use Django-REST

Code so far for making the DELETE request:

view.py

class CategoryManageView(StaffRequiredMixin, View):
    model = Category
    response_dict = {'status': False, 'text': '', 'data': {}}

    def delete(self, request, *args, **kwargs):
        cat = get_object_or_404(Category, request.POST['id'])
        self.response_dict['data'] = cat
        cat.delete()
        self.response_dict['status'] = True
        self.response_dict['text'] = 'Category deleted successfuly'
        return JsonResponse(self.response_dict)

If the ajax call method is set to DELETE instead of POST or GET I get error in console:

DELETE http://127.0.0.1:8000/dashboard/admin/categories/manage 403 (Forbidden)

Answer 1

The error code 403 indicates that this is because of CSRF protection. As the CSRF documentation shows, PUT and DELETE - as well as POST - are considered "unsafe" methods, and Django therefore disallows the requests if they don't have a valid CSRF token.

The same page has documentation on how to enable the token in your Ajax requests. Alternatively - although this is strongly discouraged - you can use the @csrf_exempt decorator on the view to disable the protection.