Django ajax GET 403(禁止)
[英]Django ajax GET 403 (Forbidden)
问题描述
I have a page of articles and a Load More button with ajax call in my Django app.
我的 Django 应用程序中有一个文章页面和一个带有 ajax 调用的加载更多按钮。
The problem is that the Load More button works just when the user logged in to the site.问题是加载更多按钮仅在用户登录到站点时才起作用。
If an anonymous user clicks on the button, it doesn't work, and sees the error below in the chrome console:如果匿名用户单击该按钮,则它不起作用,并在 chrome 控制台中看到以下错误:
In the network tab in chrome console I see this error:在 chrome 控制台的网络选项卡中,我看到此错误:
But I don't want to identify the user who clicked the button and want to show more posts to everyone!但我不想识别单击按钮的用户,并想向所有人显示更多帖子!
The ajax call is: ajax 调用是:
// Load more posts in the main page
$('.load-more').click(function () {
var card_count = $(".card-count").length;
$.ajax({
url: 'load-more',
method: 'GET',
data: {
"card_count": card_count,
},
success: function (data) {
// Append more articles to the article List
},
error: function (data) {
}
});
});
And the load more function is:而负载更多的function为:
from rest_framework.decorators import api_view
@api_view()
def load_more(request):
card_count = request.GET.get("card_count")
no_more_article = False
all_articles = Article.objects.published()
article_count = all_articles.count()
try:
if article_count <= int(card_count) + 3:
no_more_article = True
articles = all_articles
else:
articles = all_articles.order_by('-publish')[:int(card_count) + 3]
except Article.DoesNotExist:
raise Article.DoesNotExist('No Articles')
serializer = ArticleSerializer(articles, many=True)
data = {
"no_more_article": no_more_article,
"serialized_obj": serializer.data,
}
return Response(json.dumps(data))
I do some search and tried some ways to pass the csrf_token or skip it:我做了一些搜索并尝试了一些方法来传递csrf_token或跳过它:
This link & This link这个链接和这个链接
But still stuck on this.但仍然坚持这一点。
How can I get rid of this error?我怎样才能摆脱这个错误?
Thanks for your help.谢谢你的帮助。
[Edit]: [编辑]:
According to @c.grey 's answer, I added these decorators to the top of the view function and it works now:根据@c.grey 的回答,我将这些装饰器添加到视图 function 的顶部,现在可以使用:
@api_view()
@authentication_classes([SessionAuthentication])
@permission_classes((AllowAny, ))
def load_more(request):
...
1 个解决方案
解决方案1
1 已采纳 2021-02-03 12:15:20
If you are using reset framework decorator then you need to set authentication_classes and permissions.如果您使用的是重置框架装饰器,那么您需要设置 authentication_classes 和权限。
@api_view()
@permission_classes((AllowAny, ))
def load_more(request):
----
Read this https://www.django-rest-framework.org/api-guide/views/#authentication_classes阅读此https://www.django-rest-framework.org/api-guide/views/#authentication_classes
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.