Django，使用Ajax从Http页面安全登录 [英] Django, Secure Login with Ajax from Http page

问题描述

我通过ajax从Http页面登录用户。我将请求发送到安全（https）页面。我的问题是我没有收到回复，因为（我假设）我的视图函数返回一个HttpResponse对象到https页面（我的用户仍然在http）。

I log in users from a Http page via ajax. I'm making the request to a secure (https) page. My issue is that I'm not receiving a response because (I assume) my view function is returning an HttpResponse object to the https page (my user is still at http).

这是代码

  @secure_required      
  def login_async(request):
      if request.method=='POST':
         email=request.POST.get('email', '')
          try:
            user=User.objects.get(email__exact=email)
            username=user.username

          except User.DoesNotExist:
             username=''

      password=request.POST.get('password', '')


      user=auth.authenticate(username=username, password=password)
      if user is not None:
        auth.login(request,user)
        user_status=1
        user_fname=user.first_name


       user_data=[{'user_status':user_status, 'user_fname':user_fname,'user_favorite':user_favorite,'flag_record':flag_record, 'message_sent':message_sent,'is_post_owner':is_post_owner}]
       json_data=json.dumps(user_data)
       response=HttpResponse()
       response['Content-Type']="text/javascript"
       response.write(json_data)
       return response  
     else:  
        user_data=[{'user_status':user_status}]
        json_data=json.dumps(user_data)
        response=HttpResponse()
        response['Content-Type']="text/javascript"
        response.write(json_data)
        return response 

  else:
    user_data=[{'user_status':"0"}]                         

           json_data=json.dumps(user_data)
        response=HttpResponse()
        response['Content-Type']="text/javascript"
        response.write(json_data)
        return response 

为什么不让整个页面https，你问？好问题。我有一些问题，使Tweet按钮https兼容。

Why not just make the whole page https, you ask? Good question. I was having some issues with making the Tweet Button https compatible.

感谢

推荐答案

发送网络，你会发现它不是你想要的POST，而是OPTIONS请求。这是因为来自http页面的https XHTTPRequest（AJAX）的处理方式与跨域相同，请检查 jQuery：我得到OPTIONS请求而不是GET ，以便处理这个问题。

If you'd check what your browser is sending over the net you'd see that it's not POST as you wanted but OPTIONS request. It's caused because https XHTTPRequest (AJAX) from http page is treated same way as cross-domain, check jQuery: I get OPTIONS request instead of GET for answer on handling that.

还有一件事，整个：

json_data=json.dumps(user_data)
response=HttpResponse()
response['Content-Type']="text/javascript"
response.write(json_data)
return response

可以被替换：

return HttpResponse(json.dumps(user_data), mimetype='text/javascript')

这篇关于Django，使用Ajax从Http页面安全登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！