如何创建一个POST请求使用(包括CSRF令牌),Django和AngularJS [英] How to create a POST request (including CSRF token) using Django and AngularJS
问题描述
我试图创建一个使用angular.js这个Django的视图中的POST请求。
I'm trying to create a POST request using angular.js to this Django view.
class PostJSON4SlickGrid(View):
"""
REST POST Interface for SlickGrid to update workpackages
"""
def post(self, request, root_id, wp_id, **kwargs):
print "in PostJSON4SlickGrid"
print request.POST
return HttpResponse(status=200)
所以我创造了这个资源。
Therefore I created this resource.
myModule.factory('gridData', function($resource) {
//define resource class
var root = {{ root.pk }};
return $resource('{% url getJSON4SlickGrid root.pk %}:wpID/', {wpID:'@id'},{
get: {method:'GET', params:{}, isArray:true},
update:{method:'POST'}
});
});
调用获取在控制器方法工作正常。该URL被转换为 http://127.0.0.1:8000/pm/rest/tree/1/
。
Calling the get method in a controller works fine. The url gets translated to http://127.0.0.1:8000/pm/rest/tree/1/
.
function gridController($scope, gridData){
gridData.get(function(result) {
console.log(result);
$scope.treeData = result;
//broadcast that asynchronous xhr call finished
$scope.$broadcast('mySignal', {fake: 'Hello!'});
});
}
虽然我米面临执行更新/ POST方法的问题。
While I m facing issues executing the update/POST method.
item.$update();
该URL被转换为 http://127.0.0.1:8000/pm/rest/tree/1/345
,其中缺少结尾的斜线。你可以在你的网址定义不使用斜线时,很容易规避。
The URL gets translated to http://127.0.0.1:8000/pm/rest/tree/1/345
, which is missing a trailing slash. This can be easily circumvented when not using a trailing slash in your URL definition.
url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),
而不是
url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)/$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),
使用的解决方法没有后面的斜杠我现在得到一个403(禁止)状态code,这可能是由于我没有传递<一个href=\"https://docs.djangoproject.com/en/dev/ref/templates/builtins/#std%3atemplatetag-csrf_token\">CSRF令牌POST请求。所以我的问题归结为我怎么能传递CSRF令牌成角创建POST请求?
Using the workaround without the trailing slash I get now a 403 (Forbidden) status code, which is probably due to that I do not pass a CSRF token in the POST request. Therefore my question boils down to how I can pass the CSRF token into the POST request created by angular?
我知道这个方法通过头传递CSRF令牌,但我找了可能性< STRONG>标记添加到POST请求的身体,这里建议。是否有可能在角将数据添加到POST请求的身体?
I know about this approach to pass the csrf token via the headers, but I m looking for a possibility to add the token to the body of the post request, as suggested here. Is it possible in angular to add data to the post request body?
随着更多的读数可以看一下对资源的这些讨论,删除尾随斜线和限制资源目前有: DISC1 和 DISC2 。
在讨论的一个作者之一,建议目前不要使用资源,但使用这种方法来代替。
As additional readings one can look at these discussions regarding resources, removed trailing slashes, and the limitations resources currently have: disc1 and disc2. In one of the discussions one of the authors recommended to currently not use resources, but use this approach instead.
推荐答案
你不能让这样的电话:
$http({
method: 'POST',
url: url,
data: xsrf,
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})
的数据
可以是任何你想传递,然后只需追加&放大器; {{csrf_token}}
来这一点。
The data
can be whatever you wish to pass and then just append &{{csrf_token}}
to that.
在您的资源 params:一个{}
,尝试添加 csrfmiddlewaretoken:{{csrf_token}}
中的 PARAMS
In your resource params:{}
, try adding csrfmiddlewaretoken:{{csrf_token}}
inside the params
编辑:
您可以将数据传递给请求身体
You can pass data to the request body as
item.$update({csrfmiddlewaretoken:{{csrf_token}}})
和到标题为
var csrf = '{{ csrf_token }}';
update:{method:'POST', headers: {'X-CSRFToken' : csrf }}
这是一个无证问题
这篇关于如何创建一个POST请求使用(包括CSRF令牌),Django和AngularJS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!