如何在 Javascript 生成的 HTML 表单中包含 Django 1.2 的 CSRF 令牌? [英] How do I include Django 1.2's CSRF token in a Javascript-generated HTML form?

问题描述

我最近升级到 Django 1.2.3，但我的上传表单已损坏.每当我尝试上传时，我都会收到CSRF 验证失败.请求中止".错误信息.

I recently upgraded to Django 1.2.3 and my upload forms are now broken. Whenever I attempt to upload, I receive a "CSRF verification failed. Request aborted." error message.

阅读Django 的文档后 关于这个主题，它指出我需要在模板的 HTML <form> 中添加 {% csrf_token %} 模板标签.不幸的是，我的

是通过 JavaScript 生成的(特别是 ExtJs 在面板上的html"属性).

After reading Django's documentation on this subject, it states that I need to add the {% csrf_token %} template tag within the HTML <form> in my template. Unfortunately, my <form> is generated via JavaScript (specifically, ExtJs's "html" property on a Panel).

长话短说，当我的 未包含在 Django 模板中时，如何将所需的 CSRF 令牌标记添加到我的 ?

Long story short, how do I add the required CSRF token tag to my <form> when my <form> is not included in a Django template?

推荐答案

另一种选择是调整 the Django docs with Ext - 如果您有很多模板并且不想更改每个模板，则更可取.

Another option would be to adapt the cookie/header based solution shown in the Django docs with Ext - preferable if you have a lot of templates and don't want to change every single one.

只需将以下代码段放入您的 overrides.js(或您放置全局修改的任何位置):

Just drop the following snippet in your overrides.js (or wherever you put global modifications):

Ext.Ajax.on('beforerequest', function (conn, options) {
   if (!(/^http:.*/.test(options.url) || /^https:.*/.test(options.url))) {
     if (typeof(options.headers) == "undefined") {
       options.headers = {'X-CSRFToken': Ext.util.Cookies.get('csrftoken')};
     } else {
       options.headers.extend({'X-CSRFToken': Ext.util.Cookies.get('csrftoken')});
     }                        
   }
}, this);

(Ext已有cookie读取功能，无需复制)

这篇关于如何在 Javascript 生成的 HTML 表单中包含 Django 1.2 的 CSRF 令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！