[英]how to pass a csrf token between django and javascript
I know very little about javascript.我对 javascript 知之甚少。
I have a GeoDjango project, and am adding a map view of some of the data using Leaflet.我有一个 GeoDjango 项目,并且正在使用 Leaflet 添加一些数据的 map 视图。 There is a lot of data so I am using a Leaflet uGeoJSON Layer to display the data (this allows leaflet to post a bounding box so Django can filter results and only pass visible data).有很多数据,所以我使用 Leaflet uGeoJSON 层来显示数据(这允许 leaflet 发布边界框,因此 Django 可以过滤结果仅可见数据)。
I am adding leaflet to a django view.我将 leaflet 添加到 django 视图中。
I have this working with a function based view in django which I decorate with @csrf_exempt, but would like to pass the proper csrf headers so I can use the generic class based django views. I have this working with a function based view in django which I decorate with @csrf_exempt, but would like to pass the proper csrf headers so I can use the generic class based django views.
The documentation for [Leaflet uGeoJSON Layer][1] suggests: [Leaflet uGeoJSON Layer][1] 的文档建议:
var headers = {};
// CSRF headers
var token = jQuery("meta[name='_csrf']").attr("content");
var header = jQuery("meta[name='_csrf_header']").attr("content");
if (header) {
headers[header]= token;
}
var customers = new L.uGeoJSONLayer({
endpoint : "/layers/customers",
headers: headers
}).addTo(map);
I added this to my javascript but token and header are always null.我将此添加到我的 javascript 但令牌和 header 始终是 null。
Here is my javascript.这是我的 javascript。
map.js
var headers = {};
// CSRF headers
var token = jQuery("meta[name='_csrf']").attr("content");
var header = jQuery("meta[name='_csrf_header']").attr("content");
if (header) {
headers[header]= token;
}
// Point Styles
var
DmseJobStyle = {
fillColor: "#FFFFE0",
color: "#FFFF00",
opacity: 1,
fillOpacity: 0.8
}
var
...
DmseJobData = new L.uGeoJSONLayer({endpoint: "data.jobs/",
usebbox: true,
headers: headers,
pointToLayer: function (feature, latlng) {
return L.circleMarker(latlng, DmseJobStyle)
},
onEachFeature:function(feature, layer) {
layer.bindPopup('Job: ' + feature.properties.num + '</br>Desc: ' + feature.properties.desc);
}
}),
var map = L.map('map', {
center: [45.75, -64.99],
zoom: 10,
layers: [osm]
});
var overlayMaps = {
...
"DMSE Jobs": DmseJobData,
};
This is in a file map.js which is loaded in my django template using:这是在我的 django 模板中加载的文件 map.js 中,使用:
<script src="{% static 'core\map.js' %}"></script>
If I add a breakpoint, token and header will both be null when loading the map.如果我添加断点,则加载 map 时,我添加断点,令牌和 header 都将是 null。 If I allow it to keep going, I get a POST... 403 error如果我允许它继续运行,我会收到一个 POST... 403 错误
In my project I use:在我的项目中,我使用:
var csrf_token = $('input[name="csrfmiddlewaretoken"]').val(); var csrf_token = $('input[name="csrfmiddlewaretoken"]').val();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.