我收到错误CSRF验证失败。请求中止。
我有两个文件,一个是post.html和post_reply.html
我使用ajax
将post_reply文件html发送到post.html视图是
def Display_post(request):
if request.method=="GET":
post = Post.objects.all()
#print post
data = []
for pos in post:
rep = Comment.objects.filter(post=post)
html = render_to_string('home/post_reply.html',{"post":post, "rep":rep})
return HttpResponse(html, mimetype="application/json")
所以现在我的回复表单是post_reply文件,它正在进入post.html 现在我在这里得到CSRF验证失败。错误我使用@csrf_exempt仍然无法正常工作
Post.html
function save_reply(s)
{
//alert("hello");
//alert(s);
$.djangocsrf( "enable" );
var reply = $(".rep1").val();
var form = $("#"+s).parent();
//alert(reply);
csr = $("#"+s).prev().val();
alert(csr);
data = {
reply: reply,
};
$.ajax({
url: "/home/reply_save/"+s,
type: "POST",
data: form.serialize(),
success: function (response) {
alert("hello");
},
error: function () {
}
});
}
post_reply.html
{% for postone in post %}
<div class="testmain span11">
<div class="span1 test1"><img src="/media/{{postone.image}}" width="70" height="70" class="img-circle img-responsive"/></div>
<div class="span8 second">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>{{postone.time}}<br/><br/>
<div class="test1 span7">{{postone.post}}</div>
<div class="test span8"><img src="/media/{{postone.image}}" width="300" height="300"/></div>
<div class="span8" style="margin-bottom:2%;"><a class="replytopost" style="margin-left:-4%;" onclick='tog({{postone.pk}})'>Reply<span class="badge">{{postone.number_of_reply}}</span></a><input class="id5" type="hidden" value='{{postone.pk }}'></div>
<div id='{{postone.pk}}' class="hid">
<form method="post" action="." enctype="multipart/form-data" class="horizontal-form" role="form" id='{{postone.pk}}' style=""> {% csrf_token %}
<input type="text" name="lname" class="rep1" style="border-radius: 0px; "><input type="submit" onclick="save_reply({{postone.pk}})" class="btn btn-info replysave" id='{{postone.pk}}' value="Reply" style="border-radius: 0px; margin-bottom: 10px;"/>
</form>
<br/>{% for rep1 in rep %}
<div class="span1 test1"><img src="/media/{{postone.image}}" class="img-circle img-responsive" width="50" height="50"></div>
<div class="span6 third">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>
<div class="test1 span7">{{postone.post}}</div><br/>
<div class="test1 span6" style="margin-top:3%; margin-left:10%; font-size:0.9em;">{% load humanize %} {{postone.time|naturaltime}}</div>
</div>
{% endfor %}
</div>
</div>
</div>
{% endfor %}
答案 0 :(得分:2)
将javascript代码添加到您的网页,以便使用ajax请求发送csrf值:
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
答案 1 :(得分:-1)
您可以使用中间件来避免对所有ajax帖子进行csrf检查,在csrf中间件之前使用它。
class DisableCSRF(object):
def process_request(self, request):
if request.is_ajax():
setattr(request, '_dont_enforce_csrf_checks', True)
是的,这是一个快速而肮脏的解决方案,但我将它用于我的休息api后端,它不使用cookie。