@csrf_exempt在基于通用视图的类上不起作用 [英] @csrf_exempt does not work on generic view based class
问题描述
返回JsonResponse({'status':request.user)
class ChromeLoginView(View) is_authenticated()})
@method_decorator(csrf_exempt)
def post(self,request):
username = request.POST ['username']
password = request.POST ['password']
user = authenticate(username = username,password = password)
如果用户不是None:
如果user.is_active:
login(request ,user)
return JsonResponse({'status':True})
return JsonResponse({'status':False})
我期待该帖子由csrf停止,但它返回403错误。
但是如果删除那个装饰器和在URLConf中执行此操作
url(r'^ chrome_login /',csrf_exempt(ChromeLoginView.as_view()),name =' chrome_login'),
它会工作。
这里发生了什么?没有它应该工作,因为我猜这是method_decorator做的。
我使用python3.4和django1.7.1
任何建议都会很棒。
您需要为 csrf_exempt
装饰 dispatch
方法。它的作用是将视图函数本身的 csrf_exempt
属性设置为 True
,中间件在(最外)视图功能。如果只有少数方法需要装饰,您仍然需要在 dispatch
方法中使用 csrf_exempt
,但是您可以使用 csrf_protect
放()
。如果一个 GET
, HEAD
,选项
或 TRACE
使用HTTP方法,不会检查是否装饰它。
class ChromeLoginView(View):
pre>
@method_decorator(csrf_exempt)
def dispatch(self,request, * args,** kwargs):
return super(ChromeLoginView,self).dispatch(request,* args,** kwargs)
def get(self,request):
返回JsonResponse({'status':request.user.is_authenticated()})
def post(self,request):
username = request.POST ['username']
password = request.POST ['password']
user = authenticate(username = username,password = password)
如果用户不是没有:
如果user.is_active:
login(request,user)
return JsonResponse({'status':True})
return JsonResponse({'status':False})
class ChromeLoginView(View): def get(self, request): return JsonResponse({'status': request.user.is_authenticated()}) @method_decorator(csrf_exempt) def post(self, request): username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password) if user is not None: if user.is_active: login(request, user) return JsonResponse({'status': True}) return JsonResponse({'status': False})
I am expecting that the post does stopped by csrf, but it return 403 error.
But if remove that decorator and do this in the URLConf
url(r'^chrome_login/', csrf_exempt(ChromeLoginView.as_view()), name='chrome_login'),
it will work.
What happened here? didn't it supposed to work, because I guess that's what method_decorator do. I'm using python3.4 and django1.7.1
Any advice would be great.
解决方案You need to decorate the
dispatch
method forcsrf_exempt
to work. What it does is set ancsrf_exempt
attribute on the view function itself toTrue
, and the middleware checks for this on the (outermost) view function. If only a few of the methods need to be decorated, you still need to usecsrf_exempt
on thedispatch
method, but you can usecsrf_protect
on e.g.put()
. If aGET
,HEAD
,OPTIONS
orTRACE
HTTP method is used it won't be checked whether you decorate it or not.class ChromeLoginView(View): @method_decorator(csrf_exempt) def dispatch(self, request, *args, **kwargs): return super(ChromeLoginView, self).dispatch(request, *args, **kwargs) def get(self, request): return JsonResponse({'status': request.user.is_authenticated()}) def post(self, request): username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password) if user is not None: if user.is_active: login(request, user) return JsonResponse({'status': True}) return JsonResponse({'status': False})
这篇关于@csrf_exempt在基于通用视图的类上不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!