堆栈内存溢出
  简体   繁体   English

为什么我会收到 Javascript 请求的“CSRF Token Missing or Incorrect”错误

[英]Why do I get 'CSRF Token Missing or Incorrect' error for Javascript Request

 原文  2019-06-20 17:22:59       javascript/ python/ django/ ajax/ csrf

问题描述

I am trying to create request in Javascript when a button is clicked but instead receive the error Forbidden (CSRF token missing or incorrect.) .我试图在单击按钮时在 Javascript 中创建请求,但收到错误Forbidden (CSRF token missing or incorrect.) I have included {% csrf_token %} in the HTML template:我在 HTML 模板中包含了{% csrf_token %}

<form action="/cart" method="POST">
    {% csrf_token %}
    <button type="button" id="ordered">Place Order</button>
</form>

But am unsure if I have to include it in my Javascript request:但我不确定是否必须将它包含在我的 Javascript 请求中:

const request = new XMLHttpRequest();
request.open("POST", "/cart");

// send request
let data = new FormData();

items = localStorage.getItem(user + "items")
total = localStorage.getItem(user + "price")
data.append("items", items)
data.append("total", total)

request.send(data);

In my views.py :在我的views.py

def cart(request):
    if request.method == "POST":
        data = request.get_json()
        print(f"{data}")

        return HttpResponseRedirect(reverse("index"))
   else:
        return render(request, "cart.html")

2 个解决方案

解决方案1
 0  2020-03-16 13:44:15

您必须在每个 JavaScript 请求中发送 CSRF 令牌: https : //docs.djangoproject.com/en/2.2/ref/csrf/#ajax

解决方案2
 0  2020-03-17 20:34:17

To get rid of this error, simply append CSRF token to your json data or add it to headers as shown below.要消除此错误,只需将 CSRF 令牌附加到您的 json 数据或将其添加到标题中,如下所示。

...
headers: {'X-CSRFToken': '{{ csrf_token }}'}
...

or或者

...
headers: [{name: 'X-CSRFToken', value: csrfToken.value}],
...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么会出现“ CSRF令牌丢失或不正确”错误? - Why do I get a 'CSRF token missing or incorrect' error? 尽管我在表单中有 csrf 令牌,但在 Django POST 请求中,禁止的 CSRF 令牌丢失或不正确 - Forbidden CSRF token missing or incorrect in Django POST request even though I have csrf token in form 如何更正 django 中的以下代码,它给出错误“禁止(CSRF 令牌丢失或不正确。)” - How do I correct the following code in django, It's give an error “Forbidden (CSRF token missing or incorrect.)” csrf令牌丢失或不正确 - csrf token is missing or incorrect Flask - 条纹元素“400 个错误请求:CSRF 令牌丢失或不正确” - Flask - Stripe Elements "400 bad request: CSRF token is missing or incorrect" CSRF令牌丢失或不正确的django - CSRF token missing or incorrect django CSRF令牌丢失或不正确(Django) - CSRF token missing or incorrect (Django) django错误ajax CSRF令牌丢失或不使用jquery不正确 - django error ajax CSRF token missing or incorrect without jquery CSRF 验证失败。 请求中止。失败的原因:CSRF 令牌丢失或不正确 - CSRF verification failed. Request aborted.Reason given for failure:CSRF token missing or incorrect 用yui设置Django CSRF_TOKEN,但控制台显示“ django.request禁止(CSRF令牌丢失或不正确。)”。 - Set Django CSRF_TOKEN with yui, but console says 'django.request Forbidden (CSRF token missing or incorrect.)'
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM