如何使用 Django 和 AngularJS 创建 POST 请求(包括 CSRF 令牌) [英] How to create a POST request (including CSRF token) using Django and AngularJS
问题描述
我正在尝试使用 angular.js 向这个 Django 视图创建一个 POST 请求.
I'm trying to create a POST request using angular.js to this Django view.
class PostJSON4SlickGrid(View):
"""
REST POST Interface for SlickGrid to update workpackages
"""
def post(self, request, root_id, wp_id, **kwargs):
print "in PostJSON4SlickGrid"
print request.POST
return HttpResponse(status=200)
因此我创建了这个资源.
Therefore I created this resource.
myModule.factory('gridData', function($resource) {
//define resource class
var root = {{ root.pk }};
return $resource('{% url getJSON4SlickGrid root.pk %}:wpID/', {wpID:'@id'},{
get: {method:'GET', params:{}, isArray:true},
update:{method:'POST'}
});
});
在控制器中调用 get 方法工作正常.url 被转换为 http://127.0.0.1:8000/pm/rest/tree/1/
.
Calling the get method in a controller works fine. The url gets translated to http://127.0.0.1:8000/pm/rest/tree/1/
.
function gridController($scope, gridData){
gridData.get(function(result) {
console.log(result);
$scope.treeData = result;
//broadcast that asynchronous xhr call finished
$scope.$broadcast('mySignal', {fake: 'Hello!'});
});
}
虽然我在执行更新/POST 方法时遇到问题.
While I m facing issues executing the update/POST method.
item.$update();
URL 被转换为 http://127.0.0.1:8000/pm/rest/tree/1/345
,它缺少尾部斜杠.如果不在 URL 定义中使用尾部斜杠,则可以轻松规避这一点.
The URL gets translated to http://127.0.0.1:8000/pm/rest/tree/1/345
, which is missing a trailing slash. This can be easily circumvented when not using a trailing slash in your URL definition.
url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),
代替
url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)/$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),
使用不带斜杠的变通方法,我现在得到 403(禁止)状态代码,这可能是因为我没有通过 CSRF 标记在 POST 请求中.因此,我的问题归结为如何将 CSRF 令牌传递到由 angular 创建的 POST 请求中?
Using the workaround without the trailing slash I get now a 403 (Forbidden) status code, which is probably due to that I do not pass a CSRF token in the POST request. Therefore my question boils down to how I can pass the CSRF token into the POST request created by angular?
我知道这种通过标头传递 csrf 令牌的方法,但我正在寻找一种可能性按照此处的建议,将令牌添加到发布请求的正文中.是否可以在 Angular 中将数据添加到 post 请求正文?
I know about this approach to pass the csrf token via the headers, but I m looking for a possibility to add the token to the body of the post request, as suggested here. Is it possible in angular to add data to the post request body?
作为附加阅读,可以查看这些关于资源的讨论、删除的尾部斜杠以及资源当前的限制:disc1 和 disc2.在一次讨论中,一位作者建议目前不要使用资源,而是使用这种方法.
As additional readings one can look at these discussions regarding resources, removed trailing slashes, and the limitations resources currently have: disc1 and disc2. In one of the discussions one of the authors recommended to currently not use resources, but use this approach instead.
推荐答案
你能不能这样打电话:
$http({
method: 'POST',
url: url,
data: xsrf,
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})
data
可以是您希望传递的任何内容,然后只需将 &{{csrf_token}}
附加到其中即可.
The data
can be whatever you wish to pass and then just append &{{csrf_token}}
to that.
在您的资源 params:{}
中,尝试在 params
In your resource params:{}
, try adding csrfmiddlewaretoken:{{csrf_token}}
inside the params
您可以将数据传递给请求正文
You can pass data to the request body as
item.$update({csrfmiddlewaretoken:{{csrf_token}}})
和标题为
var csrf = '{{ csrf_token }}';
update:{method:'POST', headers: {'X-CSRFToken' : csrf }}
这是一个未记录的问题
这篇关于如何使用 Django 和 AngularJS 创建 POST 请求(包括 CSRF 令牌)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!