Using django with postman {"detail":"CSRF Failed: CSRF token missing or incorrect."}


Problem description

I'm using Postman to check the JSON response from my django-rest-framework.

When I first tried to post id, email, and password through the POST method to my Django on AWS (Amazon Web Services), it worked well. It returned:

{
    "key": "99def123123123123d88e15771e3a8b43e71f"
}

But after the first try, in other words from the second try on, it returned:

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

(Additional edit) My PuTTY terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58

I saw http://kechengpuzi.com/q/s31108075, but it does not fit my case.

And from http://django-rest-framework.narkive.com/sCyJk3hM/authentication-ordering-token-vs-session, I can't find a solution that uses Postman.


  1. How can I use Postman appropriately?

Or could you recommend other tools to use?

I'm making an Android application with retrofit2, so I need tools to check POST and GET methods and responses.

Recommended answer

Your API needs a CSRF token; you have to add the CSRF token to the request (and Postman):

data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }

You can get the CSRF token from your form input field (you will find a hidden field if you use Django's built-in form API), or if you use Ajax, you can have a look at Cross Site Request Forgery protection. It has nothing to do with your authorization key; your key is used to identify who you are, and the CSRF token is to make sure this request is sent from your server.
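Added example, not part of the original answer: a standard-library Python illustration of carrying the CSRF token from the first response into the next POST, using Django's default `csrftoken` cookie name and `X-CSRFToken` header name. The Set-Cookie sample values, the function names and the `origin` argument are constructed for illustration, and `double_submit_matches` is a simplified stand-in for the server-side comparison, not Django's own code.

```python
import hmac
import json
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie headers as a login response might send them.
# DRF's SessionAuthentication enforces CSRF on requests that carry a valid
# session cookie, so a client that stores and replays these must send the token.
SAMPLE_SET_COOKIE = [
    "csrftoken=Zk3vQ1examplEtokenVALUE0123456789ab; Path=/; SameSite=Lax",
    "sessionid=constructedsessionid0001; HttpOnly; Path=/; SameSite=Lax",
]


def parse_cookies(set_cookie_headers):
    """Collect name -> value from a list of Set-Cookie header values."""
    jar = {}
    for header in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(header)
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def build_followup_post(set_cookie_headers, payload, origin):
    """Return (headers, body) for the next POST, carrying the CSRF token."""
    jar = parse_cookies(set_cookie_headers)
    token = jar.get("csrftoken")  # Django's default CSRF cookie name
    if token is None:
        raise ValueError("no csrftoken cookie; fetch a page that sets it first")
    headers = {
        "Content-Type": "application/json",
        "Cookie": "; ".join(f"{k}={v}" for k, v in sorted(jar.items())),
        "X-CSRFToken": token,  # Django's default CSRF header name
        "Referer": origin + "/",  # over HTTPS Django also validates Origin/Referer
    }
    return headers, json.dumps(payload)


def double_submit_matches(headers):
    """Simplified stand-in for the server check: header token == cookie token."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    sent = headers.get("X-CSRFToken", "")
    stored = cookie["csrftoken"].value if "csrftoken" in cookie else ""
    return bool(sent) and hmac.compare_digest(sent, stored)
```

In Postman the same headers can be set by hand: copy the `csrftoken` cookie value from the cookie manager into an `X-CSRFToken` request header.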
