stackoom
  简体   繁体   中英

forbidden 403 error in 'PUT' request Ajax in django rest framwork

 原文  2017-06-08 09:56:35       ajax/ django/ python-3.x/ django-rest-framework

Question

I am using django-rest framework while sending put ajax request got error 403 forbidden.

user-details.html 

   <form action="{% url 'user-detail' pk=object.pk %}" id="use1">
        {% csrf_token %}
        {% for key,value in serializer.items %}
             {{key}} <input value="{{value}}" type="text" class="form-control" /><br>
        {% endfor %}

        <button class="btn btn-warning edit_record" type="button" >Update</button>
        <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#deleteModal">Delete</button>
    </form>

when I click on update button ajax will call and here I got formdata with hidden field csrftoken and also other parameters but after run this ajax i got 403 forbidden error however "DELETE" method working fine here.

As far as I know we get this error when csrftoken is missing but I have csrf_token in my form. 

$(".edit_record").on("click",function() {
        var url = document.location.pathname
        form = $(this).closest("form")[0],
        formData = new FormData(form);
         $.ajax({
             type:'PUT',
             url: url,
             data: formData,
             success: function (data) {

            },
              headers: {'X_METHODOVERRIDE': 'PUT'},

         });
    });

I used ModelViewset in views.py 

 class UserViewSet(viewsets.ModelViewSet):
        queryset = User.objects.all()
        serializer_class = UserProfileSerializer

        def update(self, request, *args, **kwargs): 
            import pdb;pdb.set_trace() 
            response = super(UserViewSet, self).update(request, *args, **kwargs)
            success =  True if response.status_code in [200,201] else False
            return Response({'object':response.data, 'success':success})

        def partial_update(self, request, *args, **kwargs):
            import pdb;pdb.set_trace()

        def destroy(self, request,*args, **kwargs):   
            response = super(UserViewSet, self).destroy(request, *args, **kwargs)
            success =  True if response.status_code == 204 else False
            return Response({'data':success})

3 answers

solution1
 1  2017-06-08 10:42:18

I think It is a Problem with Django Security and your Cookies. You need to configure your Middleware. Please take a look at this SO solution and this piece of Django Documentation .

What you could try is adding this to your Ajax Call and I would change the type to POST instead of PUT. 

$.ajaxSetup({
  data: {csrfmiddlewaretoken: '{{ csrf_token }}' },
  type: "POST",
  ..... 
 });

What worked for me is implementing this into my JS: 

function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
    var cookies = document.cookie.split(';');
    for (var i = 0; i < cookies.length; i++) {
        var cookie = jQuery.trim(cookies[i]);
        // Does this cookie string begin with the name we want?
        if (cookie.substring(0, name.length + 1) == (name + '=')) {
            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
            break;
        }
    }
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
   return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
    beforeSend: function(xhr, settings) {
       if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
           xhr.setRequestHeader("X-CSRFToken", csrftoken);
     }
  }
});

solution2
 0  2017-06-08 10:39:52

try this, 

    $.ajax({
        type:"DELETE",
        data:{},
        url:"{{ category_update }}",
        beforeSend:function(xhr){
            xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
        },
        success:function(data,textStatus){
            location.replace(location.href);
        },
        error:function(XMLHttpRequest, textStatus, errorThrown){
           document.write(XMLHttpRequest.responseText);
        }
    });

the point is : 

beforeSend:function(xhr){
     xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
},

solution3
 0 ACCPTED  2017-06-08 13:17:49

Thank you all for helping me but I got the solution by debug the dispatch method.Here I found that form data is missing that means there is invalid formdata in request. There is no issue of csrf_token but issue in parameters which sent to ajax request.

In ajax currently i used - 

    form = $(this).closest("form")[0],
    formData = new FormData(form);

and send this formData in request( still now i Don't know why it is not working here while i always used this thing in django).I just replace the above code with following code. 

   form = $(this).closest("form"),            
   formData  = form.serialize()

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django rest framework ajax form submit error 403 (forbidden) Ajax post getting 403 forbidden error with Django Rest Framework ajax django 403 forbidden error 403 Forbidden error when making an ajax Post request in Django framework Django - Post ajax request forbidden 403 with ExtJS post request gives 403 forbidden django ajax AJAX request return 403 (Forbidden) error error 403 forbidden on server request via ajax 403 Forbidden Error with ajax GET request Spring 403 Forbidden Error on Spring Ajax GET Request
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM