How to pass csrf-token in first request

My question is how cookies work. This question came to my mind when I loaded my page for the first time and got this:

REQUEST HEADER
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Cookie: csrftoken=gsZxmbW4XUpE6YnaQhlrAx9JduyExVgzWEo4fXhcY4V3fbHWVtwf0msbDQDT5r43
Host: 127.0.0.1:8000
Upgrade-Insecure-Requests: 1

When the first request was sent, it already had csrftoken in the cookie.

I tried the same in an incognito window and got the same result there too. How can my browser already have a cookie without any communication with the server?

I am working on Django with Angular 7. The problem is that I am sending my request from Angular:

 this.http.post('http://127.0.0.1:8000/', data, { observe: 'response', withCredentials: true })

But in the response to that I am not getting any csrftoken in Set-Cookie.

Please help me. Sorry for adding two problems in one question, but both are indirectly connected to each other.

Actually, the thing was that Django was running on 127.0.0.1 and Angular was running on localhost (any loopback address), and that's why, for a security (CORS) issue, the browser (Chrome) was not allowing me to either send the cookie in the request or set the cookie in the response. So I had two options: change same-site to none in the browser, or change my Angular settings to render on 127.0.0.1.
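
Added example, not part of the original posts: a simplified JavaScript model of the situation described in the answer above, showing why a page served from localhost that calls Django on 127.0.0.1 is cross-site and gets no csrftoken cookie attached, while a page served from 127.0.0.1 does. Port 4200 and `SameSite=Lax` on the cookie are assumptions; third-party cookie blocking and the `Secure` requirement for `SameSite=None` are not modelled.

```javascript
// Added example: simplified model of when a browser attaches a cookie to a
// script-initiated request. The cookie is assumed to belong to the request host.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[');
}

// "Site" = scheme + registrable domain. For IP literals and single-label
// hosts such as localhost the site is the host itself; the port is ignored.
function siteOf(url) {
  const u = new URL(url);
  if (isIpLiteral(u.hostname) || !u.hostname.includes('.')) {
    return `${u.protocol}//${u.hostname}`;
  }
  throw new Error('multi-label DNS names need the Public Suffix List');
}

// Origin compares scheme + host + port; site compares scheme + host only here.
function classify(pageUrl, requestUrl) {
  const sameOrigin = new URL(pageUrl).origin === new URL(requestUrl).origin;
  const sameSite = siteOf(pageUrl) === siteOf(requestUrl);
  return { sameOrigin, sameSite };
}

// Would a cookie with the given SameSite attribute be sent on an XHR
// (Angular HttpClient uses XHR) from pageUrl to requestUrl?
function cookieAttached({ pageUrl, requestUrl, cookieSameSite, withCredentials }) {
  const { sameOrigin, sameSite } = classify(pageUrl, requestUrl);
  if (sameOrigin) return true;         // same-origin XHR always carries cookies
  if (!withCredentials) return false;  // cross-origin XHR needs the opt-in
  if (sameSite) return true;           // cross-origin (port differs) but same-site
  return cookieSameSite === 'None';    // cross-site: Lax and Strict are withheld
}

const api = 'http://127.0.0.1:8000/';  // Django address from the question
for (const page of ['http://localhost:4200/', 'http://127.0.0.1:4200/']) {
  const sent = cookieAttached({
    pageUrl: page, requestUrl: api, cookieSameSite: 'Lax', withCredentials: true,
  });
  console.log(page, '->', api, classify(page, api), 'csrftoken sent:', sent);
}
```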

CSRF can only block PUT, POST and DELETE; it is always open for GET requests. If you are able to send it the first time via GET, that would be good.
