Why am I getting a 403 Forbidden error when using @csrf_exempt in an AJAX request?
Problem description
I am trying to write a very basic AJAX request in Django, and I keep getting the 403 forbidden error in both the Chrome Dev and Django consoles. I posted a similar question the other day and have tried all of the proposed solutions including @csrf_exempt (to rule out if this is even a csrf issue), I have tried including csrfmiddlewaretoken: '{{ csrf_token }}' in the AJAX POST request (underneath data), this did not resolve the issue either. Here is my code.
def profile_listview(request, username,
                     template_name=userena_settings.USERENA_PROFILE_DETAIL_TEMPLATE,
                     extra_context=None, **kwargs):
    user = get_object_or_404(get_user_model(),
                             username__iexact=username)
    fullsalelist = Entry.objects.filter(author__username__iexact=username)

    @csrf_exempt
    def delete_object(request):
        if request.is_ajax():
            print "request is ajax"
            object_name = request.POST.get('entryname')
            targetobject = Entry.objects.get(headline=object_name)
            if request.user.username == targetobject.author:
                targetobject.delete()
            print "hello"
            return HttpResponseRedirect('/storefront/')
And AJAX code in the template:
<script type="text/javascript">
    var my_app = {
        username: "{{ request.user.username }}"
    };
</script>
<script>
    $(document).ready(function() {
        $(".delete_button").click(function() {
            var id = $(this).attr('id');
            $.ajax({
                type: "POST",
                url: "/accounts/" + my_app.username + "/listview/",
                data: { entryname: id },
            });
            return false;
        });
    });
</script>
URLs:
(r'^accounts/(?P<username>[\@\.\w-]+)/listview/$', profile_listview),
Things worth noting:
- I have csrf middleware turned on in my settings.
- Inside the jQuery AJAX code, url and data are both sending the correct information.
- When I click the delete button, I get the 403 forbidden error.
- The print "request is ajax" does not print in the console (or anywhere).
I am also confused because I am getting conflicting information. I was told I should add the csrf value via javascript (https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/). This leaves me with 2 questions. 1. How is this any different than adding csrfmiddlewaretoken: '{{ csrf_token }}' in my POST request? and 2. More importantly, doesn't the fact that I still get a 403 error when using @csrf_exempt kind of make this a moot point?
Recommended answer
To my understanding, delete_object is a function inside profile_listview, but profile_listview didn't call it. Therefore, profile_listview has no HTTP response. Post the error message.
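Added example, not part of the original question or answer: a simplified, Django-free model of why the decorator on the nested function has no effect. Django's CSRF middleware checks the `csrf_exempt` flag on the view the URL pattern resolves to (here `profile_listview`), before any view code runs. `csrf_process_view`, `dispatch` and `delete_object_view` are hypothetical names, and the token check is reduced to plain equality.

```python
import functools

# Constructed model of Django's CSRF gate; not Django source. Token checking
# is reduced to plain equality (real Django also accepts an X-CSRFToken header).

def csrf_exempt(view):
    """Like Django's decorator: flag the wrapper it returns as exempt."""
    @functools.wraps(view)
    def wrapped(*args, **kwargs):
        return view(*args, **kwargs)
    wrapped.csrf_exempt = True
    return wrapped

def csrf_process_view(callback, post, cookies):
    """Runs before the view, against the callable the URLconf resolved."""
    if getattr(callback, "csrf_exempt", False):
        return None                      # exempt: skip the token check
    token = post.get("csrfmiddlewaretoken")
    if token and token == cookies.get("csrftoken"):
        return None                      # valid token: let the view run
    return 403                           # rejected before the view body runs

def dispatch(callback, post, cookies):
    """Hypothetical stand-in for the request cycle: CSRF gate, then view."""
    rejected = csrf_process_view(callback, post, cookies)
    return rejected if rejected is not None else callback(post)

# Shape of the question's code: the URL pattern resolves to profile_listview;
# the decorated inner function is never routed and never called.
def profile_listview(post):
    @csrf_exempt
    def delete_object(post):
        return 302
    # falls through: returns None, i.e. no HTTP response

# Corrected shape (hypothetical name): a module-level view with its own URL
# pattern, CSRF protection left on, token supplied by the client.
def delete_object_view(post):
    return 302

if __name__ == "__main__":
    cookies = {"csrftoken": "t0k3n"}     # constructed sample values
    with_token = {"entryname": "x", "csrfmiddlewaretoken": "t0k3n"}
    print(dispatch(profile_listview, {"entryname": "x"}, cookies))
    print(dispatch(profile_listview, with_token, cookies))
    print(dispatch(delete_object_view, with_token, cookies))
    print(dispatch(delete_object_view, {"entryname": "x"}, cookies))
```

In the model the routed outer view is rejected with 403 when no token is sent, and returns no response at all when a token is sent; the module-level view with a valid token is the only case that returns the redirect.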