其余的Django框架 - 与PUT请求验证错误 [英] Django rest framework - Authentication error with PUT requests
问题描述
我有一个非常简单的资源像这样我的模型'presentacion
I have a very simple Resource like this for my model 'Presentacion'
class PresentacionResource(ModelResource):
model = Presentacion
fields = (some fields)
ignore_fields = (few to ignore)
和我需要实现这种验证,所以只要我阅读,我创建了两个包装
and I need to implement authentication for this, so as I read, I created two wrappers
class AuthListOrCreateModelView(ListOrCreateModelView):
permissions = (IsAuthenticated, )
class AuthInstanceModelView(InstanceModelView):
permissions = (IsAuthenticated, )
然后在我在我的urls.py
And then in my in my urls.py
url(r'^presentaciones/$', AuthListOrCreateModelView.as_view(resource=PresentacionResource), name='presentacion-root'),
url(r'^presentaciones/(?P<id>[0-9]+)$', AuthInstanceModelView.as_view(resource=PresentacionResource), name='presentacion'),
这是工作正常的GET'presentaciones /的请求,但是当我尝试做一个PUT请求,我得到一个403 FORBIDDEN
This is working fine for the GET 'presentaciones/' requests but when I try to make a PUT request, I'm getting a 403 FORBIDDEN
什么是奇怪,我是GET是工作的罚款:只要我登录,它的正确响应,但如果我退出它与403 FORBIDDEN响应
What's strange to me is that GET is working fine: as long as I'm logged, it's responding correctly but if I logout it responds with 403 FORBIDDEN.
推荐答案
如果您使用的是Django的基于会话的身份验证,那么你可能会绊倒内置的Django的CSRF保护(见UserLoggedInAuthentication类[1])。
If you are using Django's session based authentication, then you may be tripping over the CSRF protection built into Django (see UserLoggedInAuthentication class[1]).
如果是这样的话,你需要确保CSRF的cookie被发送到客户端,然后您可以调整jQuery的指示[2]有可能改变数据的请求发出的X CSRFToken头。
If this is the case, you will need to ensure that a CSRF cookie gets sent to the client and then you can adapt the jQuery instructions[2] to send the X-CSRFToken header with requests that may change data.
[1] http://django-rest-framework.org/_modules/authentication html的
[2] https://docs.djangoproject.com/恩的/ dev / REF /的contrib / CSRF /#阿贾克斯
这篇关于其余的Django框架 - 与PUT请求验证错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
