使用 React(Django 后端)进行 axios 调用时出现 403 禁止请求
[英]403 Forbidden request when making an axios call with React (Django backend)
问题描述
I am trying to authenticate my session on a web application using ReactJS. My backend is setup on Django. When logging in to the application, I do receive the cookies in the header, however I am unable to set the cookies. However, when I try to post the request 'withCredentials: true', it returns me the 403 error.
我正在尝试使用 ReactJS 在 web 应用程序上验证我的 session。我的后端设置在 Django 上。登录到应用程序时,我确实在 cookies 中收到 cookies,但是当 I6819 无法设置时尝试发布请求“withCredentials:true”,它返回 403 错误。
The login call (Where I receive the cookies in response header)登录调用(我在响应标头中收到 cookies)
let url = `${BASE_URL}/login/`;
console.log('params for validateOtp:', params);
axios
.post(url, params)
.then((res) => {
console.log('validate otp code res: ', res);
resolve(res);
})
.catch((err) => {
console.log('validate otp code err: ', err);
reject(err);
});
After seeing the console, it is visible under the 'Network' tab that I do receive cookies from this API.查看控制台后,在“网络”选项卡下可以看到我确实从这个 API 收到了 cookies。
This is the API where I make the authenticated call.这是我进行身份验证调用的 API。
let url = `${BASE_URL}/updatemerchant/`;
axios
.post(url, params, {
withCredentials: true
}
)
.then((res) => {
console.log('updateDukaanUserToCloud res : ', res);
// resolve(res)
if (res.status === 200) {
resolve(res);
} else {
reject('updateDukaanUserToCloud something went wrong');
}
})
.catch((err) => {
if (err.response && err.response.status === 400) {
reject('updateDukaanUserToCloud updating user info failed');
} else {
reject('updateDukaanUserToCloud something went wrong');
}
});
settings.py设置.py
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_CREDENTIALS = True
CSRF_COOKIE_NAME = "csrftoken"
CORS_ORIGIN_WHITELIST = ('http://localhost:3000', 'http://127.0.0.1:3000', 'localhost:3000', '127.0.0.1:3000')
CSRF_TRUSTED_ORIGINS = [
'localhost:3000',
'127.0.0.1:3000',
]
The error I receive with the 403 forbidden request.我在 403 禁止请求中收到的错误。
1 个解决方案
解决方案1
1 2021-02-18 09:42:51
CSRF Token, as of this point, should not be a problem, since you cannot get past the authentication problem.到目前为止,CSRF 令牌应该不是问题,因为您无法通过身份验证问题。 If Django "Session authentication" is correctly installed, whenever the correct credentials are passed from React, and "login" method is called in Django, it should automatically attach the session cookie and you don't need to do additional work in React.如果正确安装了 Django “会话身份验证”,只要从 React 传递了正确的凭据,并且在 Django 中调用了“登录”方法,它应该会自动附加 session cookie,您不需要在 React 中做额外的工作。
Did you add the "django.contrib.sessions.middleware.SessionMiddleware" middleware?您是否添加了“django.contrib.sessions.middleware.SessionMiddleware”中间件?
PS You will need to attach CSRF Token if you want to use POST requests afterwards. PS 如果以后要使用 POST 请求,则需要附加 CSRF Token。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.