[英]Forbidden (CSRF token missing or incorrect.) during ajax POST in Django
[英]Forbidden (CSRF token missing or incorrect.) | Django and AJAX
:(
我正在发出 ajax 请求,但出现此错误:
Forbidden (CSRF token missing or incorrect.): /manager/ajax/
[23/Jun/2020 00:00:46] "POST /manager/ajax/ HTTP/1.1" 403 2517
[23/Jun/2020 00:01:18] "GET /manager/test/update/3/ HTTP/1.1" 200 10249
Forbidden (CSRF token missing or incorrect.): /manager/ajax/
[23/Jun/2020 00:01:18] "POST /manager/ajax/ HTTP/1.1" 403 2517
[23/Jun/2020 00:01:22] "GET /manager/test/update/3/ HTTP/1.1" 200 10249
Forbidden (CSRF token missing or incorrect.): /manager/ajax/
[23/Jun/2020 00:01:23] "POST /manager/ajax/ HTTP/1.1" 403 2517
JS:
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
fetch('/manager/ajax/', {
method: 'POST',
body: JSON.stringify({
csrfmiddlewaretoken: csrftoken,
title: 'hello!!!! :(',
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded"
}
})
.then(response => response.json())
.then(json => console.log(json))
我的观点:
def delete_exam_question(request):
print(request.method)
if request.is_ajax:
print(request.POST)
#exam_question = ExamQuestion.objects.get(title = request.POST.get('title'))
#exam_question.delete()
return JsonResponse({'deleted': True})
我试图像在这个问题( "application/x-www-form-urlencoded"
)中那样修复它,我已经尝试过指示"application/json"
,但它不起作用...... :(
我通过了令牌( csrftoken
),但它仍然不起作用,我已经尝试了一切,但我无法让它工作。
( "Content-Type"
=> "application/x-www-form-urlencoded"
)
使用装饰器csrf_exempt
装饰视图。 POST数据是:
<QueryDict: {'{"csrfmiddlewaretoken":"4gTL9H17LIgTFc3HseYFuT6JQMbkEHxiuGXVxu9WWKTgN0gVmUtJJPDgwem0zj4U","title":"holaaa"}': ['']}>
这就是他给我错误的原因,但这种情况非常罕见。 而且我不知道如何纠正它,有什么想法吗? 我不太了解JavaScript。
我将Conten-Type
更改为"application/json"
,POST 数据为:
<QueryDict: {}>
但是,我打印request.body
,并打印:
b'{"csrfmiddlewaretoken":"4gTL9H17LIgTFc3HseYFuT6JQMbkEHxiuGXVxu9WWKTgN0gVmUtJJPDgwem0zj4U","title":"holaaa"}'
这是怎么回事? :(
看看下面的源代码,如果使用XMLHttpRequest
调用,您需要明确告诉 Django 这个请求。 最好避免使用is_ajax
来检测 ajax,因为它将在未来的版本中被弃用
def is_ajax(self):
warnings.warn(
'request.is_ajax() is deprecated. See Django 3.1 release notes '
'for more details about this deprecation.',
RemovedInDjango40Warning,
stacklevel=2,
)
return self.META.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest'
在您的 header 中添加这些行,对于 ajax 请求,首选使用X-CSRFToken
,因为它还支持其他请求方法,如DELETE
、 PUT
等
# django internllay change '-' to '_' and add prefix HTTP in front of the value
# so 'X-Requested-With' becomes HTTP_X_REQUESTED_WITH, which is used by is_ajax function
{
'X-Requested-With': 'XMLHttpRequest',
'X-CSRFToken': <your_csrftoken_value>
}
$('#sub-btn').click(function(e){
e.preventDefault();
$.ajax(
{
type:"POST",
beforeSend: function (xhr) {
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-CSRFToken', <your_csrftoken_value>);
},
url: <your_url>,
data: {test: 'test'},
success: function(data){
console.log(data)
}
});
})
此外,如果您使用jQuery
并使用此格式发送数据,您可以在request.POST
中接收数据
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.