Microsoft Edge和IE11的CSRF问题 [英] CSRF issue with Microsoft Edge and IE11
问题描述
我有一个CSRF令牌问题,仅在MS Edge和IE11中出现-在Chrome,Firefox和IE9中都可以正常工作.
I have a CSRF token issue that only occurs in MS Edge and IE11 - it works fine in Chrome, Firefox and even IE9.
仅通过Ajax进行Http发布时才会出现此问题.它给我Http403禁止的错误.
The problem only occurs when doing Http post via Ajax. It gives me Http403 forbidden error.
我在这里遵循了Django中的指南: https://docs.djangoproject.com/zh-CN/1.7/ref/contrib/csrf/
I have followed the guide in Django here: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/
我是否需要为IE11/MS Edge添加一些额外的标题?还有其他人遇到过这个问题吗?
Do I need to add some extra headers for IE11 / MS Edge? Has anyone else encountered this problem?
推荐答案
2小时后,我自己找到了答案...
2 hours later, and I found the answer myself...
对于那些与Microsoft Edge和IE11可能存在相同问题的用户,此修补程序在于CSRF_COOKIE_DOMAIN设置.
To those who might have the same issue with Microsoft Edge and IE11, the fix lies with the setting CSRF_COOKIE_DOMAIN.
我尝试过这样设置:
CSRF_COOKIE_DOMAIN = "subdomain.domain.com"
但是,即使它是一个子域站点,也无法正常工作.像这样设置它就像一种魅力:
However, that did not work, even though it was a subdomain site. Setting it like this works like a charm:
CSRF_COOKIE_DOMAIN = ".domain.com"
这篇关于Microsoft Edge和IE11的CSRF问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!