如何使用 Django 和 AngularJS 创建 POST 请求(包括 CSRF 令牌) [英] How to create a POST request (including CSRF token) using Django and AngularJS

问题描述

我正在尝试使用 angular.js 向这个 Django 视图创建一个 POST 请求.

I'm trying to create a POST request using angular.js to this Django view.

class PostJSON4SlickGrid(View):
    """
    REST POST Interface for SlickGrid to update workpackages
    """

    def post(self, request, root_id, wp_id, **kwargs):
        print "in PostJSON4SlickGrid"
        print request.POST
        return HttpResponse(status=200)

因此我创建了这个资源.

Therefore I created this resource.

myModule.factory('gridData', function($resource) {
    //define resource class
    var root = {{ root.pk }};
    return $resource('{% url getJSON4SlickGrid root.pk %}:wpID/', {wpID:'@id'},{
            get: {method:'GET', params:{}, isArray:true},
            update:{method:'POST'}
    });
});

在控制器中调用 get 方法工作正常.url 被转换为 http://127.0.0.1:8000/pm/rest/tree/1/.

Calling the get method in a controller works fine. The url gets translated to http://127.0.0.1:8000/pm/rest/tree/1/.

function gridController($scope, gridData){
    gridData.get(function(result) {
        console.log(result);
        $scope.treeData = result;
        //broadcast that asynchronous xhr call finished
        $scope.$broadcast('mySignal', {fake: 'Hello!'});  
    });
}

虽然我在执行更新/POST 方法时遇到问题.

While I m facing issues executing the update/POST method.

item.$update();

URL 被转换为 http://127.0.0.1:8000/pm/rest/tree/1/345，它缺少尾部斜杠.如果不在 URL 定义中使用尾部斜杠，则可以轻松规避这一点.

The URL gets translated to http://127.0.0.1:8000/pm/rest/tree/1/345, which is missing a trailing slash. This can be easily circumvented when not using a trailing slash in your URL definition.

url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),

代替

url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)/$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),

使用不带斜杠的变通方法，我现在得到 403(禁止)状态代码，这可能是因为我没有通过 CSRF 标记在 POST 请求中.因此，我的问题归结为如何将 CSRF 令牌传递到由 angular 创建的 POST 请求中?

Using the workaround without the trailing slash I get now a 403 (Forbidden) status code, which is probably due to that I do not pass a CSRF token in the POST request. Therefore my question boils down to how I can pass the CSRF token into the POST request created by angular?

我知道这种通过标头传递 csrf 令牌的方法，但我正在寻找一种可能性按照此处的建议，将令牌添加到发布请求的正文中.是否可以在 Angular 中将数据添加到 post 请求正文?

I know about this approach to pass the csrf token via the headers, but I m looking for a possibility to add the token to the body of the post request, as suggested here. Is it possible in angular to add data to the post request body?

作为附加阅读，可以查看这些关于资源的讨论、删除的尾部斜杠以及资源当前的限制:disc1 和 disc2.在一次讨论中，一位作者建议目前不要使用资源，而是使用这种方法.

As additional readings one can look at these discussions regarding resources, removed trailing slashes, and the limitations resources currently have: disc1 and disc2. In one of the discussions one of the authors recommended to currently not use resources, but use this approach instead.

推荐答案

你能不能这样打电话:

$http({
    method: 'POST',
    url: url,
    data: xsrf,
    headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})

data 可以是您希望传递的任何内容，然后只需将 &{{csrf_token}} 附加到其中即可.

The data can be whatever you wish to pass and then just append &{{csrf_token}} to that.

在您的资源 params:{} 中，尝试在 params

In your resource params:{}, try adding csrfmiddlewaretoken:{{csrf_token}} inside the params

您可以将数据传递给请求正文

You can pass data to the request body as

item.$update({csrfmiddlewaretoken:{{csrf_token}}})

和标题为

var csrf = '{{ csrf_token }}'; 
update:{method:'POST', headers: {'X-CSRFToken' : csrf }} 

这是一个未记录的问题

这篇关于如何使用 Django 和 AngularJS 创建 POST 请求(包括 CSRF 令牌)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！