[英]CSRF verification failed. Request aborted. in django ajax post
我收到錯誤CSRF驗證失敗。 請求中止。
我有兩個文件,一個是post.html和post_reply.html
我正在使用ajax將post_reply文件html轉換為post.html
視圖是
def Display_post(request):
if request.method=="GET":
post = Post.objects.all()
#print post
data = []
for pos in post:
rep = Comment.objects.filter(post=post)
html = render_to_string('home/post_reply.html',{"post":post, "rep":rep})
return HttpResponse(html, mimetype="application/json")
因此,現在我的回復表單位於post_reply文件上,該文件即將進入post.html。現在在這里,我的CSRF驗證失敗。 錯誤我使用@csrf_exempt仍然無法正常工作
Post.html
function save_reply(s)
{
//alert("hello");
//alert(s);
$.djangocsrf( "enable" );
var reply = $(".rep1").val();
var form = $("#"+s).parent();
//alert(reply);
csr = $("#"+s).prev().val();
alert(csr);
data = {
reply: reply,
};
$.ajax({
url: "/home/reply_save/"+s,
type: "POST",
data: form.serialize(),
success: function (response) {
alert("hello");
},
error: function () {
}
});
}
post_reply.html
{% for postone in post %}
<div class="testmain span11">
<div class="span1 test1"><img src="/media/{{postone.image}}" width="70" height="70" class="img-circle img-responsive"/></div>
<div class="span8 second">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>{{postone.time}}<br/><br/>
<div class="test1 span7">{{postone.post}}</div>
<div class="test span8"><img src="/media/{{postone.image}}" width="300" height="300"/></div>
<div class="span8" style="margin-bottom:2%;"><a class="replytopost" style="margin-left:-4%;" onclick='tog({{postone.pk}})'>Reply<span class="badge">{{postone.number_of_reply}}</span></a><input class="id5" type="hidden" value='{{postone.pk }}'></div>
<div id='{{postone.pk}}' class="hid">
<form method="post" action="." enctype="multipart/form-data" class="horizontal-form" role="form" id='{{postone.pk}}' style=""> {% csrf_token %}
<input type="text" name="lname" class="rep1" style="border-radius: 0px; "><input type="submit" onclick="save_reply({{postone.pk}})" class="btn btn-info replysave" id='{{postone.pk}}' value="Reply" style="border-radius: 0px; margin-bottom: 10px;"/>
</form>
<br/>{% for rep1 in rep %}
<div class="span1 test1"><img src="/media/{{postone.image}}" class="img-circle img-responsive" width="50" height="50"></div>
<div class="span6 third">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>
<div class="test1 span7">{{postone.post}}</div><br/>
<div class="test1 span6" style="margin-top:3%; margin-left:10%; font-size:0.9em;">{% load humanize %} {{postone.time|naturaltime}}</div>
</div>
{% endfor %}
</div>
</div>
</div>
{% endfor %}
請遵循django文檔 :
將javascript代碼添加到您的頁面,以通過ajax請求發送csrf值:
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
您可以使用中間件來避免對所有ajax帖子進行csrf檢查,請在csrf中間件之前使用它。
class DisableCSRF(object):
def process_request(self, request):
if request.is_ajax():
setattr(request, '_dont_enforce_csrf_checks', True)
是的,它是一種快速而骯臟的解決方案,但我將其用於不使用Cookie的其余api后端。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.