如何使用 Django REST 框架制作 POST 简单 JSON?CSRF 令牌丢失或不正确 [英] How to make a POST simple JSON using Django REST Framework? CSRF token missing or incorrect
问题描述
如果有人向我展示如何使用 JSON 和 Django REST 框架发出简单的 POST 请求,我会很感激.我在教程中的任何地方都没有看到任何示例?
这是我想要发布的角色模型对象.这将是一个全新的角色,我想添加到数据库中,但出现 500 错误.
<代码>{"name": "经理",描述":管理人员"}
这是我在 bash 终端提示符下的 curl 请求:
curl -X POST -H "Content-Type: application/json" -d '[{"name": "经理",描述":管理人员"}]'http://localhost:8000/lakesShoreProperties/role
网址
http://localhost:8000/lakesShoreProperties/roles
是否可以处理 GET 请求,我可以拉下数据库中的所有角色,但似乎无法创建任何新角色.我没有设置权限.我在 views.py 中使用标准视图
class RoleDetail(generics.RetrieveUpdateDestroyAPIView):查询集 = Role.objects.all()serializer_class = RoleSerializer格式 = 无类 RoleList(generics.ListCreateAPIView):查询集 = Role.objects.all()serializer_class = RoleSerializer格式 = 无
在我的 urls.py
中,相关的 url - 视图映射是正确的:
url(r'^roles/$', views.RoleList.as_view()),url(r'^role/(?P<pk>[0-9]+)/$', views.RoleDetail.as_view()),
错误信息是:
<代码>{"detail": "CSRF 失败:CSRF 令牌丢失或不正确."}
这里发生了什么,对此有什么解决方法?localhost 是跨站点请求吗?我已将 @csrf_exempt
添加到 RoleDetail
和 RoleList
但它似乎没有改变任何东西.这个装饰器甚至可以添加到类中,还是必须添加到方法中?添加 @csrf_exempt
装饰,我的错误变成:
请求方式:POST请求网址:http://127.0.0.1:8000/lakeshoreProperties/roles/Django 版本:1.5.1异常类型:属性错误异常值:函数"对象没有属性as_view"
然后我在整个应用程序中禁用了 CSRF,现在我收到了这条消息:
{"non_field_errors": ["Invalid data"]} 当我知道我的 JSON 对象是有效的 json 时.这是一个非字段错误,但我卡在了这里.
好吧,原来我的json无效?
<代码>{"name": "管理员",描述":管理人员"}
对比
<预><代码>[{"name": "管理员",描述":管理人员"}]有括号 [],会导致 POST 请求失败.但是使用 jsonlint.com 验证器,我的两个 json 对象都会验证.
更新:问题在于通过 PostMan 发送 POST,而不是在后端.请参阅 https://stackoverflow.com/a/17508420/203312
您可能需要随请求一起发送 CSRF 令牌.查看 https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#csrf-ajax
更新:因为您已经尝试免除 CSRF,所以这可能会有所帮助(取决于您使用的 Django 版本):https://stackoverflow.com/a/14379073/977931
Would appreciate someone showing me how to make a simple POST request using JSON with Django REST framework. I do not see any examples of this in the tutorial anywhere?
Here is my Role model object that I'd like to POST. This will be a brand new Role that I'd like to add to the database but I'm getting a 500 error.
{
"name": "Manager",
"description": "someone who manages"
}
Here is my curl request at a bash terminal prompt:
curl -X POST -H "Content-Type: application/json" -d '[
{
"name": "Manager",
"description": "someone who manages"
}]'
http://localhost:8000/lakesShoreProperties/role
The URL
http://localhost:8000/lakesShoreProperties/roles
DOES work with a GET request, and I can pull down all the roles in the database, but I can not seem to create any new Roles. I have no permissions set. I'm using a standard view in views.py
class RoleDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Role.objects.all()
serializer_class = RoleSerializer
format = None
class RoleList(generics.ListCreateAPIView):
queryset = Role.objects.all()
serializer_class = RoleSerializer
format = None
And in my urls.py
for this app, the relevant url - view mappings are correct:
url(r'^roles/$', views.RoleList.as_view()),
url(r'^role/(?P<pk>[0-9]+)/$', views.RoleDetail.as_view()),
Error message is:
{
"detail": "CSRF Failed: CSRF token missing or incorrect."
}
What is going on here and what is the fix for this? Is localhost a cross site request? I have added @csrf_exempt
to RoleDetail
and RoleList
but it doesn't seem to change anything. Can this decorator even be added to a class, or does it have to be added to a method?
Adding the @csrf_exempt
decorate, my error becomes:
Request Method: POST
Request URL: http://127.0.0.1:8000/lakeshoreProperties/roles/
Django Version: 1.5.1
Exception Type: AttributeError
Exception Value:
'function' object has no attribute 'as_view'
Then I disabled CSRF throughtout the entire app, and I now get this message:
{"non_field_errors": ["Invalid data"]} when my JSON object I know is valid json. It's a non-field error, but I'm stuck right here.
Well, it turns out that my json was not valid?
{
"name": "admin",
"description": "someone who administrates"
}
vs
[
{
"name": "admin",
"description": "someone who administrates"
}
]
Having the enclosing brackets [], causes the POST request to fail. But using the jsonlint.com validator, both of my json objects validate.
Update: The issue was with sending the POST with PostMan, not in the backend. See https://stackoverflow.com/a/17508420/203312
You probably need to send along the CSRF token with your request. Check out https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#csrf-ajax
Update: Because you've already tried exempting CSRF, maybe this could help (depending on which version of Django you're using): https://stackoverflow.com/a/14379073/977931
这篇关于如何使用 Django REST 框架制作 POST 简单 JSON?CSRF 令牌丢失或不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!