如何创建一个POST请求使用（包括CSRF令牌），Django和AngularJS [英] How to create a POST request (including CSRF token) using Django and AngularJS

问题描述

我试图创建一个使用angular.js这个Django的视图中的POST请求。

I'm trying to create a POST request using angular.js to this Django view.

class PostJSON4SlickGrid(View):
    """
    REST POST Interface for SlickGrid to update workpackages
    """

    def post(self, request, root_id, wp_id, **kwargs):
        print "in PostJSON4SlickGrid"
        print request.POST
        return HttpResponse(status=200)

所以我创造了这个资源。

Therefore I created this resource.

myModule.factory('gridData', function($resource) {
    //define resource class
    var root = {{ root.pk }};
    return $resource('{% url getJSON4SlickGrid root.pk %}:wpID/', {wpID:'@id'},{
            get: {method:'GET', params:{}, isArray:true},
            update:{method:'POST'}
    });
});

调用获取在控制器方法工作正常。该URL被转换为 http://127.0.0.1:8000/pm/rest/tree/1/ 。

Calling the get method in a controller works fine. The url gets translated to http://127.0.0.1:8000/pm/rest/tree/1/.

function gridController($scope, gridData){
    gridData.get(function(result) {
        console.log(result);
        $scope.treeData = result;
        //broadcast that asynchronous xhr call finished
        $scope.$broadcast('mySignal', {fake: 'Hello!'});  
    });
}

虽然我米面临执行更新/ POST方法的问题。

While I m facing issues executing the update/POST method.

item.$update();

该URL被转换为 http://127.0.0.1:8000/pm/rest/tree/1/345 ，其中缺少结尾的斜线。你可以在你的网址定义不使用斜线时，很容易规避。

The URL gets translated to http://127.0.0.1:8000/pm/rest/tree/1/345, which is missing a trailing slash. This can be easily circumvented when not using a trailing slash in your URL definition.

url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),

而不是

url(r'^rest/tree/(?P<root_id>\d+)/(?P<wp_id>\d+)/$', PostJSON4SlickGrid.as_view(), name='postJSON4SlickGrid'),

使用的解决方法没有后面的斜杠我现在得到一个403（禁止）状态code，这可能是由于我没有传递<一个href=\"https://docs.djangoproject.com/en/dev/ref/templates/builtins/#std%3atemplatetag-csrf_token\">CSRF令牌POST请求。所以我的问题归结为我怎么能传递CSRF令牌成角创建POST请求？

Using the workaround without the trailing slash I get now a 403 (Forbidden) status code, which is probably due to that I do not pass a CSRF token in the POST request. Therefore my question boils down to how I can pass the CSRF token into the POST request created by angular?

我知道这个方法通过头传递CSRF令牌，但我找了可能性< STRONG>标记添加到POST请求的身体，这里建议。是否有可能在角将数据添加到POST请求的身体？

I know about this approach to pass the csrf token via the headers, but I m looking for a possibility to add the token to the body of the post request, as suggested here. Is it possible in angular to add data to the post request body?

随着更多的读数可以看一下对资源的这些讨论，删除尾随斜线和限制资源目前有： DISC1 和 DISC2 。
在讨论的一个作者之一，建议目前不要使用资源，但使用这种方法来代替。

As additional readings one can look at these discussions regarding resources, removed trailing slashes, and the limitations resources currently have: disc1 and disc2. In one of the discussions one of the authors recommended to currently not use resources, but use this approach instead.

推荐答案

你不能让这样的电话：

$http({
    method: 'POST',
    url: url,
    data: xsrf,
    headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})

的数据可以是任何你想传递，然后只需追加＆放大器; {{csrf_token}} 来这一点。

The data can be whatever you wish to pass and then just append &{{csrf_token}} to that.

在您的资源 params：一个{} ，尝试添加 csrfmiddlewaretoken：{{csrf_token}} 中的 PARAMS

In your resource params:{}, try adding csrfmiddlewaretoken:{{csrf_token}} inside the params

编辑：

您可以将数据传递给请求身体

You can pass data to the request body as

item.$update({csrfmiddlewaretoken:{{csrf_token}}})

和到标题为

var csrf = '{{ csrf_token }}'; 
update:{method:'POST', headers: {'X-CSRFToken' : csrf }} 

这是一个无证问题

这篇关于如何创建一个POST请求使用（包括CSRF令牌），Django和AngularJS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！