[英]Why do I get 'CSRF Token Missing or Incorrect' error for Javascript Request
I am trying to create request in Javascript when a button is clicked but instead receive the error Forbidden (CSRF token missing or incorrect.)
.我试图在单击按钮时在 Javascript 中创建请求,但收到错误
Forbidden (CSRF token missing or incorrect.)
。 I have included {% csrf_token %}
in the HTML template:我在 HTML 模板中包含了
{% csrf_token %}
:
<form action="/cart" method="POST">
{% csrf_token %}
<button type="button" id="ordered">Place Order</button>
</form>
But am unsure if I have to include it in my Javascript request:但我不确定是否必须将它包含在我的 Javascript 请求中:
const request = new XMLHttpRequest();
request.open("POST", "/cart");
// send request
let data = new FormData();
items = localStorage.getItem(user + "items")
total = localStorage.getItem(user + "price")
data.append("items", items)
data.append("total", total)
request.send(data);
In my views.py
:在我的
views.py
:
def cart(request):
if request.method == "POST":
data = request.get_json()
print(f"{data}")
return HttpResponseRedirect(reverse("index"))
else:
return render(request, "cart.html")
您必须在每个 JavaScript 请求中发送 CSRF 令牌: https : //docs.djangoproject.com/en/2.2/ref/csrf/#ajax
To get rid of this error, simply append CSRF token to your json data or add it to headers as shown below.要消除此错误,只需将 CSRF 令牌附加到您的 json 数据或将其添加到标题中,如下所示。
...
headers: {'X-CSRFToken': '{{ csrf_token }}'}
...
or或者
...
headers: [{name: 'X-CSRFToken', value: csrfToken.value}],
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.