如何在 Django、csrf 令牌和 POST 请求中使用 curl [英] How to use curl with Django, csrf tokens and POST requests

问题描述

我正在使用 curl 来测试我的一种 Django 表单.我尝试过的调用(每个调用都有错误，并且为了可读性而在多行中):

I'm using curl to test one of my Django forms. The calls I've tried (with errors from each, and over multiple lines for readability):

(1):

curl
-d "{"email":"test@test.com"}"
--header "X-CSRFToken: [triple checked value from the source code of a page I already loaded from my Django app]"
--cookie "csrftoken=[same csrf value as above]"
http://127.0.0.1:8083/registrations/register/

(在 cookie 中带有 http 标头和 csrftoken)会导致 400 错误且没有返回数据.

(with http header and csrftoken in cookie) results in a 400 error with no data returned.

(2):

curl
-d "{a:1}"
--header "X-CSRFToken:[as above]"
--cookie "csrftoken=[as above];sessionid=[from header inspection in Chrome]"
http://127.0.0.1:8083/registrations/register/

(如 (1) 中，但标头属性声明中没有空格，并且在 cookie 中也有 sessionid)导致相同的 400 错误且没有返回数据.

(as in (1) but no spaces in header property declaration, and with sessionid in cookie too) results in the same 400 error with no data returned.

(3):

curl
-d "{a:1}"
--header "X-CSRFToken:[as above]"
http://127.0.0.1:8083/registrations/register/

(只有带有 X-CSRFToken 的 http 标头，没有 cookie)导致错误代码 403，并带有消息:CSRF cookie 未设置.

(only http header with X-CSRFToken, no cookie) results in error code 403, with message: CSRF cookie not set.

如何使用 curl 测试我的表单?除了 cookie 值和 http 标头之外，我还没有考虑哪些因素?

How can I test my form with curl? What factors am I not considering besides cookie values and http headers?

推荐答案

Damien 的回应和您的示例 2 的混合对我有用.我用一个简单的登录页面来测试，我希望你的注册视图是类似的.Damien 的响应几乎有效，但缺少 sessionid cookie.

A mixture of Damien's response and your example number 2 worked for me. I used a simple login page to test, I expect that your registration view is similar. Damien's response almost works, but is missing the sessionid cookie.

我推荐一种更强大的方法.与其手动输入来自其他请求的 cookie，不如尝试使用 curl 的内置 cookie 管理系统来模拟完整的用户交互.这样，您就可以减少出错的机会:

I recommend a more robust approach. Rather than manually entering the cookies from other requests, try using curl's built in cookie management system to simulate a complete user interaction. That way, you reduce the chance of making an error:

$ curl -v -c cookies.txt -b cookies.txt host.com/registrations/register/
$ curl -v -c cookies.txt -b cookies.txt -d "email=user@site.com&a=1&csrfmiddlewaretoken=<token from cookies.txt>" host.com/registrations/register/

第一个 curl 模拟用户首先通过 GET 请求到达页面，并保存所有必要的 cookie.第二个 curl 模拟填写表单字段并将它们作为 POST 发送.请注意，您必须按照 Damien 的建议在 POST 数据中包含 csrfmiddlewaretoken 字段.

The first curl simulates the user first arriving at the page with a GET request, and all the necessary cookies are saved. The second curl simulates filling in the form fields and sending them as a POST. Note that you have to include the csrfmiddlewaretoken field in the POST data, as suggested by Damien.

这篇关于如何在 Django、csrf 令牌和 POST 请求中使用 curl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！