当我通过cURL执行POST请求时,即使没有发送CSRF令牌头,它也会成功完成(HTTP 201)。
curl -X POST http://server/app/addrecord/ -d '{"pk":"1", "lname":"Smith", "fname":"Robert"}' -H "Content-Type: application/json" > out.html
然而,当我在Obj-C中使用AFNetworking尝试相同的操作时,我收到403错误,指出需要CSRF令牌。
AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
AFJSONRequestSerializer *serializer = [AFJSONRequestSerializer serializer];
[serializer setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
[serializer setValue:@"application/json" forHTTPHeaderField:@"Accept"];
[manager setRequestSerializer:serializer];
AFJSONResponseSerializer *respSerializer = [AFJSONResponseSerializer serializer];
respSerializer.acceptableContentTypes = [NSSet setWithObjects:@"application/json", @"text/html", @"text/plain", @"text/json", nil];
manager.responseSerializer = respSerializer;
[manager POST:@"http://server/app/addrecord/" parameters:parameters success:^(NSURLSessionDataTask * task, id responseObject) {
NSLog(@"Success");
} failure:^(NSURLSessionDataTask * task, NSError * error) {
NSLog(@"Error");
}];
只需将以下行添加到我的请求序列化程序中,错误就会消失。
[serializer setValue:csrf forHTTPHeaderField:@"X-CSRFTOKEN"];
虽然我不需要AFNetworking代码在没有发送CSRF令牌的情况下工作,但我想理解为什么cURL命令在没有令牌的情况下工作但AFNetworking代码没有。