Django X-CSRF 令牌不能在 javascript 提取中设置
[英]Django X-CSRF token cannot be set in javascript fetch
问题描述
I am trying to generate a csrf token in javascript and use that with a POST request using fetch.
我正在尝试在 javascript 中生成一个 csrf 令牌,并将其与使用 fetch 的 POST 请求一起使用。 In my html, I have the following script tag under head to generate the csrf token:在我的 html 中,我在head下有以下脚本标记来生成 csrf 令牌:
<head>
<script type="text/javascript">
var user = '{{request.user}}'
function getCookie(name) {
let cookieValue = null;
if (document.cookie && document.cookie !== '') {
const cookies = document.cookie.split(';');
for (let i = 0; i < cookies.length; i++) {
const cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
console.log(csrftoken)
</script>
</head>
Then under body , I have the following script tag where I retrieve the csrftoken variable and pass it to the 'X-CSRFToken' header in fetch() :然后在body下,我有以下脚本标签,我在其中检索 csrftoken 变量并将其传递给fetch()中的'X-CSRFToken' header :
<body>
<script type="text/javascript">
console.log('Hello World')
console.log(csrftoken)
var updateButtons = document.getElementsByClassName('update-cart')
for(i = 0; i < updateButtons.length; i++){
updateButtons[i].addEventListener('click', function(){
var productId = this.dataset.product
var action = this.dataset.action
console.log('productId: ', productId, 'action: ', action)
console.log('user: ', user)
if(user === 'AnonymousUser'){
console.log('Not logged in.')
}else{
updateUserOrder(productId, action)
}
})
}
function updateUserOrder(productId, action){
console.log('User is authenticated. Sending data...')
console.log(csrftoken)
var url = '/update_item/'
fetch(url, {
method: 'POST',
headers: {
'Content-Type':'application/json',
'X-CSRFToken':csrftoken,
},
body: JSON.stringify({'productId': productId, 'action': action})
})
.then((response) => {
return response.json()
})
.then((data) => {
console.log('data: ', data)
})
}
</script>
</body>
The csrftoken variable is displayed by all the console.log() calls but I still get the following exceptions:所有console.log()调用都会显示csrftoken变量,但我仍然遇到以下异常:
(index):169 POST http://127.0.0.1:8000/update_item/ 500 (Internal Server Error)
updateUserOrder
Uncaught (in promise) SyntaxError: Unexpected token < in JSON at position 0
views.py,视图.py,
def update_item(request):
data = json.loads(request.data)
product_id = data['productId']
action = data['action']
print('action: ', action)
print('product_id: ', product_id)
customer = request.user.customer
product = Product.objects.get(id=product_id)
order, created = Order.objects.get_or_create(customer=customer, complete=False)
orderitem, created = OrderItem.objects.get_or_create(order=order, product=product)
if action == 'add':
orderitem.quantity += 1
elif action == 'remove':
orderitem.quantity -= 1
orderitem.save()
if orderitem.quantity <= 0:
orderitem.delete()
return JsonResponse('Item was added.', safe=False)
I cannot seem to figure out whether it is a syntax error or if I am setting the 'X-CSRFToken' header wrong.我似乎无法弄清楚这是语法错误还是我将“X-CSRFToken” header 设置错误。 Other similar answers did not help.其他类似的答案没有帮助。
1 个解决方案
解决方案1
0 已采纳 2020-11-28 11:00:35
Solved.解决了。 It was not an issue with my javascript or the csrftoken variable therein.我的 javascript 或其中的 csrftoken 变量不是问题。 Rather it was in my server code.而是在我的服务器代码中。 In views.py, I typed data = json.loads(request.data) .在 views.py 中,我输入data = json.loads(request.data) 。 But it should be data = json.loads(request.body) .但它应该是data = json.loads(request.body) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.