[英]detail: “CSRF Failed: CSRF token missing or incorrect.”
我在restaurant_detail.html中使用了window.CSRF_TOKEN =“{{csrf_token}}”里面的腳本標記,其中我發布了用於發布評論的反應頁面。 但是我收到了一個錯誤。 在我的onSubmit函數中,我已經安慰檢查是否傳遞了csrf令牌,是的。
我發布評論的axios代碼是
onSubmit(props){
console.log('csrf',CSRF_TOKEN);
axios({
method:'POST',
url:'/api/review/create/',
headers:{
'X-CSRF-Token':CSRF_TOKEN,
//'Access-Control-Allow-Origin':'*',
'Accept': 'application/json',
'Content-Type': 'application/json',
},
data:{
review:props.review
}
})
.then(response => {
console.log('success');
})
.catch(error => {
throw("Error: ",error);
});
}
API / Views.py
class ReviewCreateAPIView(CreateAPIView):
queryset = Review.objects.all()
# permisssion_classes = [IsAuthenticated]
def get_serializer_class(self):
model_type = self.request.GET.get('type')
slug = self.request.GET.get('slug')
parent_id = self.request.GET.get('parent_id')
return create_review_serializer(model_type=model_type, slug=slug, parent_id=parent_id, reviewer=self.request.user)
serializers.py
def create_review_serializer(model_type='restaurant',slug=None, parent_id=None, reviewer=None):
class ReviewCreateSerializer(ModelSerializer):
class Meta:
model = Review
fields = ('id','review','created',)
def __init__(self, *args, **kwargs):
self.model_type = model_type
self.slug = slug
self.parent_obj = None
if parent_id:
parent_qs = Review.objects.filter(id=parent_id)
if parent_qs.exists() and parent_qs.count() == 1:
self.parent_obj = parent_qs.first()
return super(ReviewCreateSerializer, self).__init__(*args, **kwargs)
def validate(self, data):
model_type = self.model_type
model_qs = ContentType.objects.filter(model=model_type)
if not model_qs.exists() or model_qs.count() != 1:
raise ValidationError('This is not a valid content type')
SomeModel = model_qs.first().model_class()
obj_qs = SomeModel.objects.filter(slug=self.slug) # Restaurant.objects.filter(slug=self.slug)
if not obj_qs.exists() or obj_qs.count() != 1:
raise ValidationError('This is not a slug for this content type')
return data
def create(self, validated_data):
review = validated_data.get('review')
print('review',review)
if reviewer:
main_reviewer = reviewer
else:
main_reviewer = User.objects.all().first()
model_type = self.model_type
slug = self.slug
parent_obj = self.parent_obj
review = Review.objects.create_for_model_type(model_type, slug, review, main_reviewer, parent_obj=parent_obj)
return review
return ReviewCreateSerializer
urls.py
url(r'^create/$', ReviewCreateAPIView.as_view(), name="reviewcreateapiview"),
restaurant_detail.html
<div id="app"></div>
<script type="text/javascript"> window.CSRF_TOKEN = "{{ csrf_token }}"; </script>
我該如何解決這個問題?
你做了一個簡單的錯誤。 有一個錯字。 做替換
'X-CSRF令牌'
至
'X-CSRFToken'
如果你有正確的代碼,那么它應該發布你的數據。
我不熟悉axios,但我解決了類似的問題使用JQuery的打擊代碼:
$.ajaxSetup({
data : {
csrfmiddlewaretoken : '{{ csrf_token }}'
},
});
您必須使用cookie值在ajax調用中設置標頭。
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
});
在 Django 中的 ajax POST 期間禁止(CSRF 令牌丟失或不正確。)
[英]Forbidden (CSRF token missing or incorrect.) during ajax POST in Django
“禁止(CSRF 令牌丟失或不正確。):”使用 Django 和 JS
[英]“Forbidden (CSRF token missing or incorrect.):” using Django and JS
禁止(CSRF 令牌丟失或不正確。) | Django 和 AJAX
[英]Forbidden (CSRF token missing or incorrect.) | Django and AJAX
{detail: 'CSRF Failed: CSRF token missing.'} Django 和 React
[英]{detail: 'CSRF Failed: CSRF token missing.'} Django and React
禁止(CSRF 令牌丟失或不正確。)如何將 CSRF 令牌從前端發送到后端?
[英]Forbidden (CSRF token missing or incorrect.) how to send CSRF token from frontend to backend?
用yui設置Django CSRF_TOKEN,但控制台顯示“ django.request禁止(CSRF令牌丟失或不正確。)”。
[英]Set Django CSRF_TOKEN with yui, but console says 'django.request Forbidden (CSRF token missing or incorrect.)'
盡管正確發送令牌,Django 服務器仍報告“禁止(CSRF 令牌丟失或不正確。)”?
[英]Django server reporting "Forbidden (CSRF token missing or incorrect.)" despite sending token correctly?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.