[英]Django CSRF missing or incorrect Ajax POST without jquery (Vanilla JavaScript)
when i got this error when i was using jquery i simple do:当我在使用 jquery 时遇到此错误时,我会简单地执行以下操作:
data: {'csrfmiddlewaretoken': "{{csrf_token}}"}
Now I'm trying to move to vanilla JavaScript, here is my ajax call现在我正在尝试转向 vanilla JavaScript,这是我的 ajax 调用
<script>
document.addEventListener('DOMContentLoaded', function () {
document.querySelector('#sendMessage').onclick = function (e) {
e.preventDefault();
let xhr = new XMLHttpRequest();
xhr.onreadystatechange = function (e) {
if (this.readyState == 4 && this.status == 200) {
alert('success')
let response = this.responseText
console.log(response)
} else {
console.log(this.status)
console.log(this.readyState)
}
};
xhr.open("POST", "{% url 'chat:room' room.id %}", true);
// Send data csrf_token, content, area
xhr.setRequestHeader('Content-type', 'application/json');
data = {
'csrfmiddlewaretoken': '{{ csrf_token }}',
'content': document.querySelector('#id_content').value,
'area': parseInt(document.querySelector('#id_area').value),
}
console.log(data)
xhr.send(JSON.stringify(data));
}
});
</script>
However i get this error:但是我收到这个错误:
Forbidden (CSRF token missing or incorrect.): /chat/room/3/
[04/Oct/2020 05:25:16] "POST /chat/room/3/ HTTP/1.1" 403 2513
I have been searching for a while but all answers are solving it for jquery not vanilla js, Any help?我已经搜索了一段时间,但所有的答案都是针对 jquery 而不是 vanilla js 解决的,有什么帮助吗?
Views.py:视图.py:
def room(request, room_id): room = get_object_or_404(Room, pk=room_id) if request.method == 'GET': return render(request, 'chat/room.html', {'room': room}) else: print(request.POST) message = Message.objects.create( user=request.user, content=request.POST.get('content'), room=room) message.save() return JsonResponse({})
set additional request header for CSRF:为 CSRF 设置额外的请求头:
# code
xhr.setRequestHeader('X-CSRFToken', '{{ csrf_token }}');
#code
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.