Question

我是django的初学者。我只想发布并注册用户。如果我这样做，我收到错误＆＃34; CSRF失败：CSRF令牌丢失或不正确。＆＃34;我的apiview是这样的。

class RegistrationView(APIView):
    """ Allow registration of new users. """
    permission_classes = (permissions.AllowAny,)

    def post(self, request):
        serializer = RegistrationSerializer(data=request.DATA)
        # Check format and unique constraint
        if not serializer.is_valid():
            return Response(serializer.errors,\
                            status=status.HTTP_400_BAD_REQUEST)
        data = serializer.data

        # u = User.objects.create_user(username=data['username'],
        #                              email=data['email'],
        #                              password='password')

        u = User.objects.create(username=data['username'])
        u.set_password(data['password'])
        u.save()

        # Create OAuth2 client
        name = u.username
        client = Client(user=u, name=name, url='' + name,\
                client_id=name, client_secret='', client_type=1)
        client.save()
        return Response(serializer.data, status=status.HTTP_201_CREATED)

我已经阅读了有关CSRF令牌的内容。

How to make a POST simple JSON using Django REST Framework? CSRF token missing or incorrect

在我的setting.py中，就像这样。我需要改变全球水平吗？或者我应该在哪里修改，以便在注册新用户时我不会遇到CSRF令牌错误？

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES':
        ('rest_framework.authentication.OAuth2Authentication',
         'rest_framework.authentication.SessionAuthentication'),

    'DEFAULT_MODEL_SERIALIZER_CLASS':
        'rest_framework.serializers.ModelSerializer',

    'DEFAULT_PERMISSION_CLASSES':
    ('rest_framework.permissions.IsAdminUser',)
}

Answer 1

如果您在Django REST框架中使用SessionAuthentication，那么您需要在POST中提供CSRF令牌。请查看此链接Working with AJAX, CSRF & CORS。

另请查看example javascript from the Django docs。

Django注册用户＆amp; CSRF令牌

1 个答案: