角度、django 和 csrf [英] angular, django and csrf
问题描述
来自 http://docs.angularjs.org/api/ng.$http ,它说我们应该设置包含令牌的默认标头,所以我正在关注它.
from http://docs.angularjs.org/api/ng.$http , it says we should set default headers to include the token, so i am following it.
我的代码是这样的
var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
$routeProvider.
when('/', {
templateUrl: '/partials/home.html',
controller: HomeCtrl
}).
when('/game/:gameId/shortlist/create',{
templateUrl: '/partials/create-shortlist.html',
controller: CreateShortlistCtrl
}).
otherwise({redirectTo: '/'});
}]);
myapp.run(function($rootScope, $http, $cookies, $httpProvider){
$http.get('/api/get-current-user').success(function(data){
$rootScope.current_user = data;
$rootScope.current_team = $rootScope.current_user.team;
});
$http.get('/api/get-current-season').success(function(data){
$rootScope.current_season = data;
});
$rootScope.csrf_token = $cookies.csrftoken;
console.log($httpProvider.defaults.headers.common);
//$httpProvider.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
});
如您所见,我应用了多种方法,但无法使用 csrf 令牌设置标头.我遇到的两个错误是
as you can see, i have applied multiple approaches but am unable to set header with csrf token. the two errors i have encountered are
未捕获的错误:未知提供者:$httpProviderProvider <-$httpProvider
Uncaught Error: Unknown provider: $httpProviderProvider <- $httpProvider
我做错了什么?
推荐答案
如果您使用 AngularJS 1.1.3 或更新版本,您可以使用 xsrfHeaderName
和 xsrfCookieName
:
If you use AngularJS 1.1.3 or newer you can use xsrfHeaderName
and xsrfCookieName
:
var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
$httpProvider.defaults.xsrfCookieName = 'csrftoken';
...
请参阅文档 1.1.3 中的$location.
See $location in 1.1.3 the documentation.
这篇关于角度、django 和 csrf的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!