django 中避免csrf错误

1. settings.py 中 MIDDLEWARE_CLASSES 中 注释掉'django.middleware.csrf.CsrfViewMiddleware'

2.在项目的views.py 的方法上加上 @csrf_exempt 装饰 (需要 from django.views.decorators.csrf import csrf_exempt)

3.在对应的html页面的form表单中前{% csrf_token %};

如果是ajax方式提交的,第三种方法不适用,此时需要在static中添加一个js文件,在页面引入该js,内容如下:

/*====================django ajax ======*/

jQuery(document).ajaxSend(function(event, xhr, settings) {

function getCookie(name) {

var cookieValue = null;

if (document.cookie && document.cookie != '') {

var cookies = document.cookie.split(';');

for (var i = 0; i < cookies.length; i++) {

var cookie = jQuery.trim(cookies[i]);

// Does this cookie string begin with the name we want?

if (cookie.substring(0, name.length + 1) == (name + '=')) {

cookieValue = decodeURIComponent(cookie.substring(name.length + 1));

break;

}

}

}

return cookieValue;

}

function sameOrigin(url) {

// url could be relative or scheme relative or absolute

var host = document.location.host; // host + port

var protocol = document.location.protocol;

var sr_origin = '//' + host;

var origin = protocol + sr_origin;

// Allow absolute or scheme relative URLs to same origin

return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||

(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||

// or any other URL that isn't scheme relative or absolute i.e relative.

!(/^(\/\/|http:|https:).*/.test(url));

}

function safeMethod(method) {

return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));

}

if (!safeMethod(settings.type) && sameOrigin(settings.url)) {

xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));

}

});

/*===============================django ajax end===*/

你可能感兴趣的:(django 中避免csrf错误)