如何使用 flutter http 请求发送 CSRF 令牌

Question

how to send CSRF token using flutter HTTP request I have a Django based project that uses django-rest-framework for API, when I send a POST request using Postman it works perfectly fine,, but when I send an HTTP.post request from my flutter application I get这个回应：

Forbidden 403
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent

在 django 中使用function based view接收请求：

@api_view(['POST'])
@permission_classes([AllowAny,])
@csrf_exempt
def create_user(request):
   ......
   .....

然后在URLS中：

    path("api/v1/create_user/", api.create_user, name="create_user"),

并在 flutter 中发送请求：

http.post(Uri(myURL),header={
    'Content-Type': 'application/x-www-form-urlencoded',
}
,body={
'my_key':'my_value',
})

Answer 1

使用 django 创建 HTTPS 网站时，需要使用 Referer header。 假设您网站的域是yoursite.com ，您需要在 header 中进行设置

{"Referer": "https://yoursite.com"}

在飞镖/颤振中使用http package

import 'package:http/http.dart' as http;
var resp = http.post(Uri.parse("https://yoursite.com/api/v1/create_user"),
    headers: {"Referer": "https://yoursite.com"}