CSRF issue with Microsoft Edge and IE11

Problem description

I have a CSRF token issue that only occurs in MS Edge and IE11 - it works fine in Chrome, Firefox and even IE9.

The problem only occurs when doing an HTTP POST via Ajax. It gives me an HTTP 403 Forbidden error.

I have followed the guide in Django here: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/

Do I need to add some extra headers for IE11 / MS Edge? Has anyone else encountered this problem?

Recommended answer

2 hours later, and I found the answer myself...

To those who might have the same issue with Microsoft Edge and IE11, the fix lies with the setting CSRF_COOKIE_DOMAIN.

I tried setting it like this:

CSRF_COOKIE_DOMAIN = "subdomain.domain.com"

However, that did not work, even though it was a subdomain site. Setting it like this works like a charm:

CSRF_COOKIE_DOMAIN = ".domain.com"
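
What the two values mean for cookie scope under the RFC 6265 domain-matching rules, as an added example that is not part of the original answer; the host names are constructed and the code does not model the IE11/Edge behaviour reported above. It shows that `.domain.com` makes the CSRF cookie visible to every subdomain of domain.com, so that value only fits when all of those hosts are trusted.

```python
import ipaddress


def cookie_domain(attr):
    """RFC 6265 section 5.2.3: lower-case the Domain attribute, drop one leading dot."""
    attr = attr.strip().lower()
    return attr[1:] if attr.startswith(".") else attr


def domain_match(host, attr):
    """RFC 6265 section 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host, dom = host.lower().rstrip("."), cookie_domain(attr)
    if host == dom:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals only ever match exactly
        return False
    except ValueError:
        return host.endswith("." + dom)


def receiving_hosts(attr, hosts):
    """Hosts whose requests would carry a cookie set with Domain=attr."""
    return [h for h in hosts if domain_match(h, attr)]


# Constructed host names built on the placeholder domain used in the answer.
HOSTS = [
    "subdomain.domain.com",
    "api.subdomain.domain.com",
    "domain.com",
    "other.domain.com",
    "notdomain.com",
]

if __name__ == "__main__":
    for setting in ("subdomain.domain.com", ".domain.com"):
        print(f"CSRF_COOKIE_DOMAIN = {setting!r:24} -> {receiving_hosts(setting, HOSTS)}")
```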
